无论如何强制 JSF 处理、验证和更新只读/禁用的输入组件 [英] Force JSF to process, validate and update readonly/disabled input components anyway

问题描述

我正在创建一个计算器，用户可以通过单击虚拟小键盘来执行各种操作.现在我想限制用户只能通过单击按钮来选择各种字符，并且他/她不应该使用键盘输入值.我尝试使用 readonly="true" 但当我们单击任何按钮时，它既不验证输入也不设置 bean 中的值.

I am creating a calculator where a user can do the various operations by clicking on virtual numpad. Now I want to restrict the user to only select the various characters by clicking on the buttons and s/he should not be able to enter the values using keyboard. I tried using readonly="true" but it is neither validating the input nor setting the values in the bean when we click on any button.

我们在 jsf 中是否有任何此类限制?

Do we have any such restrictions available in jsf?

推荐答案

这就是 JSF 针对篡改/攻击请求的保护措施的效果，其中黑客试图绕过 readonly(和 disabled) 属性通过操作 HTML DOM 和/或 HTTP 请求.

That's the effect of JSF's safeguard against tampered/attacked requests wherein the hacker attempts to circumvent the readonly (and disabled) attribute by manipulating the HTML DOM and/or the HTTP request.

代替

<x:inputXxx ... readonly="true">

使用

<x:inputXxx ... readonly="#{facesContext.currentPhaseId.ordinal eq 6}">

或

<x:inputXxx ... readonly="#{not facesContext.postback or facesContext.renderResponse}">

这确保 readonly 仅在渲染响应阶段有效，而在所有其他 JSF 阶段无效.因此，当 JSF 即将在应用请求值阶段解码输入组件时，它会以这种方式考虑 readonly="false".

This makes sure that readonly is only effective during render response phase and not during all other JSF phases. So, when JSF is about to decode the input component during the apply request values phase, it will consider readonly="false" this way.

• #{facesContext.currentPhaseId.ordinal}的其他用途

这篇关于无论如何强制 JSF 处理、验证和更新只读/禁用的输入组件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！