I am wondering, when using SimpleFormController, AbstractFormController, etc: For the properties of an object that you don't bind in your view (using spring:bind tags), is it possible for an attacker to submit these fields, or are only the fields that are bound allowed to be submitted?
Announcement Announcement Module
No announcement yet.
Security of form fields in *FormController Page Title Module
Move Remove Collapse