Using the Data Mapper Pattern, Should the Entities (Domain Objects) know about the Mapper?

Question

I\'m working with Doctrine2 for the first time, but I think this question is generic enough to not be dependent on a specific ORM.

Should the entities in a

Answer 1

No.

Here's why: trust. You cannot trust data to act on the benefit of the system. You can only trust the system to act on data. This is a fundamental of programming logic.

Let's say something nasty slipped into the data and it was intended for XSS. If a data chunk is performing actions or if it's evaluated, then the XSS code gets blended into things and it will open a security hole.

Let not the left hand know what the right hand doeth! (mostly because you don't want to know)