users@jsf-extensions.java.net

Security

From: Maarten <maarten.dirkse_at_gmail.com>
Date: Wed, 21 May 2008 14:49:14 +0200

Hi,
I couldn't find this addressed anywhere in the FAQ or the mailing list, so
here goes:
I think DynaFaces is really cool, but I wonder if opening JSF up to
JavaScript in that way doesn't open up a huge security hole in your app. In
particular the dispatching of JSF events using JavaScript, wouldn't that
allow, for example, a client to bypass the "process validations" phase and
inject unsafe values into the model?
Regards,
Maarten
PS. This list seems kinda dead. Is the real action somewhere else?