[jira] Commented: (MYFACES-240) generated JavaScript clear_browse() function allows Internet Explorer to return "null" field values

Mon, 04 Jul 2005 08:42:14 -0700 

    [ 
http://issues.apache.org/jira/browse/MYFACES-240?page=comments#action_12315022 
] 

Kevin Roast commented on MYFACES-240:
-------------------------------------

Fix should be:

Modifying the following file:
   org/apache/myfaces/renderkit/html/HtmlRendererUtils.java
on line 700 changing:
writer.write("'].value=null;");
to
writer.write("'].value=''");
will fix the problem. 

Thanks!

Kevin

> generated JavaScript clear_browse() function allows Internet Explorer to 
> return "null" field values
> ---------------------------------------------------------------------------------------------------
>
>          Key: MYFACES-240
>          URL: http://issues.apache.org/jira/browse/MYFACES-240
>      Project: MyFaces
>         Type: Bug
>     Versions: 1.0.9 beta
>  Environment: WinXP SP1. Intel P4. JBoss 4.0.1sp1. JBoss Portal 2.0 RC. 
> MyFaces 1.0.9
>     Reporter: Kevin Roast

>
> Generated JavaScript "clear_browse()" function allows Internet Explorer to 
> return "null" string literal field values.
> The clear_browse() function generated by MyFaces at the end of the FORM tag 
> to clear the various hidden fields output by the system sets the field values 
> to 'null' using JavaScript.
> However, for applications that add their own hidden fields to the form to be 
> output in this way (as many advanced components do), it is preferable to set 
> the fields to the empty string "" instead. Otherwise in Internet Explorer it 
> will submit the literal string "null" as the field value instead of the empty 
> string. This can affect components that decode() their values and are looking 
> to see if a field has been set to a value other than "". Of course the 
> components could check for the literal string "null" but that is a weak 
> solution.
> Modifying the following file:
>    org/apache/myfaces/renderkit/html/HtmlRendererUtils.java
> on line 700 changing:
> writer.write("'].value=null;");
> to
> writer.write("'].value='';");
> will fix the problem. 
> This issue does not affect the FireFox browser which appears to be smart 
> enough to send up the empty string when JavaScript has set a hidden field 
> value to null.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to