1

I am using Primefaces Datatable component. This data table component creates a hidden field dynamically on the browser.

<input type="hidden" id="formId:activitydescription_selection" name="formId:activitydescription_selection" autocomplete="off" value="" />

The Primefaces datatable code is as follows

<p:dataTable  id="activitydescription" var="type"
            value="#{activityBean.activityList}" rows="#{activityBean.rowNo}" rowKey="#{type.activitySchemeId}"
            selection="#{activityBean.activityDTO}"
            emptyMessage="No value found with given criteria"
            paginatorPosition="bottom" sortMode="single" paginator="#{empty activityBean.activityList ? 'false':'true' }"
            dynamic="true"
            paginatorTemplate="{CurrentPageReport}  {FirstPageLink} {PreviousPageLink} {PageLinks} {NextPageLink} {LastPageLink}"
            rowIndexVar="rowIndex">

Now when the page is submitted HIDV thinks the hidden field which is created dynamically on the browser is a case of hacking thereby redirecting to error page with the console log as 

org.hdiv.logs.Logger log INVALID_PARAMETER_NAME;/hseadmin/pages/secured/admin/Layout.xhtml;**formId:activitydescription_selection**;;0:0:0:0:0:0:0:1;0:0:0:0:0:0:0:1;anonymous

In my hdiv-config.xml file i have modified the file so that HDIV ignore thi validation where this field occurs

<hdiv:paramsWithoutValidation>
         <hdiv:mapping url=".*"  parameters="formId:activitydescription_selection"/>
        </hdiv:paramsWithoutValidation>

But no luck still the same console error and HDIV is redirecting to error page. Can someone help me out on how to avoid these validations on HDIV?

Joy Chowdhury
  • 73
  • 1
  • 10
  • What is the advantage of using hdiv for this? Jsf is a ui framwork that has serverside counterparts of all ui components and checks if what is posted matches with what can be post in terms of availbity of fields and even values of fields (e.g. selects) – Kukeltje May 19 '15 at 06:43
  • @Kukeltje: Can you suggest how do i avoid 10 owasp errors in primefaces. – Joy Chowdhury May 19 '15 at 20:05
  • Start by posting a new question with enough detail – Kukeltje May 19 '15 at 20:07

2 Answers2

0

try..

<property name="userStartParameters">  
<list>
  <value>hidden1Name</value>
  <value>hidden2Name</value>
</list>
</property>
ashok
  • 1
0

HDIV doesn't support the Primefaces components, only standard JSF components like <h:dataTable>.

http://www.hdiv.org/hdiv-documentation-single/doc.html

gillarramendi
  • 271
  • 1
  • 8
  • Thanks @gillarramendi for the making the picture crystal clear.So now we can look for alternatives.Any plans to release a version of HDIV compatible with Primefaces components any time soon. – Joy Chowdhury May 20 '15 at 06:09