[
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607228#action_12607228
]
Matthias Weßendorf commented on TRINIDAD-1129:
----------------------------------------------
back to this bug.
this is also a security issue.
When hijacking the submit (via man in the middle tool), currently is looks like
no validation will occur on the server...
Will fix the validations soon, when time allows.
> Server-side validation does not work when using Sun JSF implementation
> ----------------------------------------------------------------------
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
> Issue Type: Bug
> Affects Versions: 1.2.8-core
> Reporter: Stephen Friedrich
> Assignee: Matthias Weßendorf
> Attachments: test.war
>
>
> <tr:validateLength> (and very probably other Trinidad validator also) do not
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with
> mojarra's expectations.
> (Using mojarra 1.2_08)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
