I also posted this on stackoverflow and got an answer saying it would break the separation of concerns if I used parameters on the MVC view layer.
How is that breaking the separation of concerns and how do I avoid that ?
If you could toss me some keywords or links, I'll do the rest of that.
I am not quite sure if I should make another thread for this one or not.
I'd say that's a good follow-up that fits in here.
I think it's taking the "separation of concerns" idea too far to use it in this case - request and response are generally closely related, and you will frequently need to use some of the request parameters in rendering the response. If JForum used JSP then this would happen automatically. Since it uses FreeMarker, all parameters required in the response are set in the Action classes. Sure, the authors of JForum could have decided to add code that sets all request parameters all the time, but I agree with this limited approach simply for security reasons if nothing else (minimizing the attack surface in case of FreeMarker vulnerabilities).
Adam Hun wrote:And oops, I didn't know that cross posting is considered a bad practice.
I normally don't do this though.
Cross posting is fine. We just ask for a link to the other site. That way someone doesn't spend 15 minutes typing in a thoughtful answer only to find out the other site answered it first (or vice versa).