views:

38

answers:

1

If I let anyone modify a freemarker viewpage, can I somehow make it hack free?

I know I read somewhere that I can make disable scriplets, but that was for .jsp pages so not sure if it will work with freemarker.

I basically want a way where I can set the attributes that will be available on the page, and let web designers go into the page and edit it all they want (all the while making it secure).

i.e. I don't want people to be able to access any of objects in the request pipeline, or output my connection string to the page etc.

A: 

Request and other objects are exposed to the FreeMarker template by Spring's FreeMarkerView, when FreeMarker is used as a Spring MVC view technology.

To have a full control over the data being exposed to the templates, you can use FreeMarker directly, as described in the FreeMarker docs. However, you can still use Spring's support for FreeMarker configuration (FreeMarkerConfigurationFactoryBean).

axtavt