Force JSF to process, validate and update readonly/disabled input components anyway

by

That’s the effect of JSF’s safeguard against tampered/attacked requests wherein the hacker attempts to circumvent the readonly (and disabled) attribute by manipulating the HTML DOM and/or the HTTP request.

Instead of

<x:inputXxx ... readonly="true">

use

<x:inputXxx ... readonly="#{facesContext.currentPhaseId.ordinal eq 6}">

or

<x:inputXxx ... readonly="#{not facesContext.postback or facesContext.renderResponse}">

This makes sure that readonly is only effective during render response phase and not during all other JSF phases. So, when JSF is about to decode the input component during the apply request values phase, it will consider readonly="false" this way.

See also:

More Related Contents:

  1. JSF doesn’t support cross-field validation, is there a workaround?
  2. Validation Error: Value is not valid
  3. How to let validation depend on the pressed button?
  4. How to perform JSF validation in actionListener or action method?
  5. How to perform validation in JSF, how to create a custom validator in JSF
  6. Is JSF validation client-side or server-side?
  7. How to skip validation when a specific button is clicked?
  8. Change the default message “Validation Error: Value is required” to just “Value is required”
  9. How to display dialog only on complete of a successful form submit
  10. How to trigger args.validationFailed in PrimeFaces oncomplete
  11. Using validator with a variable attribute in ui:repeat
  12. How to customize JSF validation error message
  13. Why does allow blank spaces?
  14. Keep open when validation has failed
  15. Validate order of items inside ui:repeat
  16. jsf validate two fields in one time [duplicate]
  17. How can I populate a text field using PrimeFaces AJAX after validation errors occur?
  18. Do I really need to encode ‘&’ as ‘&’?
  19. Min / Max Validator in Angular 2 Final
  20. How can I manually set an Angular form field as invalid?
  21. How to check whether a file is valid UTF-8?
  22. AngularJS: integrating with server-side validation
  23. How to force MVC to Validate IValidatableObject
  24. Method must have signature “String method() …[etc]…” but has signature “void method()”
  25. How validate two password fields by ajax?
  26. Found an unexpected Mach-O header code: 0x72613c21 in Xcode 7
  27. What characters should be restricted from a Unix file name?
  28. Disable validation of HTML form elements
  29. Conditionally provide either file download or show export validation error message
  30. How do you perform address validation? [closed]

Leave a Comment