I have a web application that uses JSF 2.2, PrimeFaces 12 and Sapphire 5.1. It runs on Wildfly 17 and 21.
I would like to test now if it is possible for a user to trick a disabled <p:inputText field in that he / she opens the HTML page in a browser, navigates to the disabled field, edits it and sends a HTML request to the server with the edited element.
Initially, we have the follwoing structure of the input field:
<input id="resultsFormId:firstNameId0persDaten" name="resultsFormId:firstNameId0persDaten" type="text" value="Trio" class="ui-inputfield ui-inputtext ui-widget ui-state-default ui-corner-all ui-state-disabled ui-state-filled" disabled="disabled" autocomplete="off" role="textbox" aria-disabled="true" aria-readonly="false">
Then, the user deletes the attributes:
disabled="disabled"
aria-disabled="true"
as well as the css class ui-state-disabled.
As a result of this, the user is able to change the value of the element from "Trio" to, for example, "Trio_XYZ". This works ok, but as long as the user presses the OK button and the form is submitted to the server, no change of the value of the element happens in the back-end.
In fact, the setter method of the bean is not being called at all.
Is this a feature or a bug? Is it possible to Trick a disabled <p:inputText element at all?
Thank you and kind regards,
Alex
Trick a disabled <p:inputText element
Forum rules
Please note that response time for technical support is within 3-5 business days.
Please note that response time for technical support is within 3-5 business days.
-
- Posts: 5281
- Joined: 29 Jun 2013, 12:38
Hi Alex,
It is not possible. Our server-side code;
Best Regards,
It is not possible. Our server-side code;
Code: Select all
public class InputTextRenderer extends InputRenderer {
@Override
public void decode(FacesContext context, UIComponent component) {
InputText inputText = (InputText) component;
if (!shouldDecode(inputText)) {
return;
}
...
Code: Select all
...
protected boolean shouldDecode(UIInput component) {
return !isDisabled(component) && !isReadOnly(component);
}
Github Profile: https://github.com/mertsincan
-
- Information
-
Who is online
Users browsing this forum: No registered users and 1 guest