How is this (hacking) possible with JSF?!

MISS_DUKE
Posts: 273
Joined: 08 Aug 2010, 05:52

12 Jun 2011, 05:47

The following shows a piece of JSF markup from my application.

<h:inputTextarea id="educationDetails2" value="#{requestScope.educationDetails}"
                 rendered="#{viewScope.education eq 'UG' or viewScope.education eq 'PG'}"
                 cols="50" rows="3" required="true"
                 validatorMessage="#{m.v}" requiredMessage="#{m.r}"
                 title="Your details of education come here">
    <f:validateLength minimum="50" maximum="500"/>
    <f:ajax execute="@this" render="messageForEducationDetails2"/>
</h:inputTextarea>

The field collects input from the user; it is a REQUIRED field and undergoes SERVER-SIDE validation (according to my understanding). Some of my users are able to submit the form (and pass the validation) without entering the input. Can anyone please explain to me how this is possible?

JSF implementation: Mojarra V2.1.7
JSF component library: Primefaces V3.1.1
Server: GlassFish Open Source Edition V3.1.1 (build 12)

Oleg
Expert Member
Posts: 3805
Joined: 02 Oct 2009, 09:41
Location: Germany, Black Forest

12 Jun 2011, 20:50

Hi,

You didn't show how you submit your form :-) If you have a p:commandButton with immediate="true" or process="@this" or another process area, that can be the reason.
PrimeFaces Cookbook (2. edition): http://ova2.github.io/primefaces-cookbook/ Learning Angular UI Development with PrimeNG: https://github.com/ova2/angular-develop ... th-primeng Blog: https://medium.com/@OlegVaraksin
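
Added example, not part of the thread and not code from any poster: if a submit can reach the action without the field's validators having run (for instance through the process/immediate settings mentioned above), the action method can re-check the rule itself. Only the names registerBacking, action(), educationDetails and education come from the posted markup; the bean body, the message texts and the "next" outcome are assumptions.

```java
import java.util.Map;
import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.context.FacesContext;

// Hypothetical bean body: only the name registerBacking and its action() appear in the thread.
@ManagedBean(name = "registerBacking")
@RequestScoped
public class RegisterBacking {

    // Same bounds as <f:validateLength minimum="50" maximum="500"/> on the field.
    static final int MIN_LEN = 50;
    static final int MAX_LEN = 500;

    /** Returns an error text, or null if the value is acceptable. No JSF calls, so it is unit-testable. */
    static String educationDetailsError(Object education, Object details) {
        // The field is only shown (and only required) for 'UG' and 'PG', as in its rendered attribute.
        if (!"UG".equals(education) && !"PG".equals(education)) {
            return null;
        }
        // A null here means the model was never updated, e.g. the input was not processed.
        // Whitespace-only input is treated as empty (a choice made in this example).
        String text = (details == null) ? "" : details.toString().trim();
        if (text.isEmpty()) {
            return "Education details are required.";
        }
        if (text.length() < MIN_LEN || text.length() > MAX_LEN) {
            return "Education details must be " + MIN_LEN + " to " + MAX_LEN + " characters.";
        }
        return null;
    }

    public String action() {
        FacesContext ctx = FacesContext.getCurrentInstance();
        Map<String, Object> viewMap = ctx.getViewRoot().getViewMap();                // viewScope
        Map<String, Object> requestMap = ctx.getExternalContext().getRequestMap();   // requestScope
        String error = educationDetailsError(viewMap.get("education"),
                                             requestMap.get("educationDetails"));
        if (error != null) {
            // Reject in the action itself, independent of which components were validated.
            ctx.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, error, null));
            return null; // null outcome: stay on the current view
        }
        // ... continue with registration (not shown in the thread) ...
        return "next"; // hypothetical navigation outcome
    }
}
```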

MISS_DUKE

13 Jun 2011, 02:05

@Oleg

I am not using "immediate" or "@this"; the markup for form submission is similar to the following:

<p:commandButton value="Continue" action="#{registerBacking.action}" styleClass="regButton"
                 update="message1 message2 message3 message4 message5" process="@form"
                 id="disableEnable" onclick="disable()" oncomplete="enable(xhr, status, args)">
</p:commandButton>

Oleg
Expert Member

13 Jun 2011, 16:45

Try to use Id instead of @form.

MISS_DUKE

13 Jun 2011, 17:33

Oleg wrote: "Try to use Id instead of @form."

@Oleg
While thanking you for your suggestions, I want to question why id may be used instead of @form (in order to solve this issue).

I want to know how this hacking is possible so that corrective actions can be taken accordingly.

Thanks again.

Oleg
Expert Member

13 Jun 2011, 19:57

MISS_DUKE wrote: "I want to question why id may be used instead of @form (in order to solve this issue)"

To be honest I don't know. E.g. @this doesn't work in datatables, but a direct Id works fine. Something with @form / @this resolving is not working sometimes.
