myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthias Weßendorf (JIRA) <...@myfaces.apache.org>
Subject [jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
Date Mon, 23 Jun 2008 13:46:45 GMT

    [ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607228#action_12607228
] 

Matthias Weßendorf commented on TRINIDAD-1129:
----------------------------------------------

back to this bug.
this is also a security issue.
When hijacking the submit (via man in the middle tool), currently is looks like no validation
will occur on the server...
Will fix the validations soon, when time allows.

> Server-side validation does not work when using Sun JSF implementation
> ----------------------------------------------------------------------
>
>                 Key: TRINIDAD-1129
>                 URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
>             Project: MyFaces Trinidad
>          Issue Type: Bug
>    Affects Versions:  1.2.8-core
>            Reporter: Stephen Friedrich
>            Assignee: Matthias Weßendorf
>         Attachments: test.war
>
>
> <tr:validateLength> (and very probably other Trinidad validator also) do not validate
anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no validation
exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and "maximum"
fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message