RichFaces
  1. RichFaces
  2. RF-1330

Security: event handlers could be invoked for inappropriate drag/accepted types

    Details

    • Type: Bug Bug
    • Status: Closed Closed (View Workflow)
    • Priority: Critical Critical
    • Resolution: Done
    • Affects Version/s: 3.2.0
    • Fix Version/s: 3.1.3, 3.2.0
    • Component/s: None
    • Security Level: Public (Everyone can see)
    • Labels:
      None
    • Similar Issues:
      Show 10 results 

      Description

      If client validation will be off for D'n'D, than it's possible to D'n'D incompatible things

        Activity

        Hide
        Nick Belaevski
        added a comment -

        Use:
        DnD.CLIENT_VALIDATION_OFF = true;

        to switch off client validation for testing

        Show
        Nick Belaevski
        added a comment - Use: DnD.CLIENT_VALIDATION_OFF = true; to switch off client validation for testing
        Hide
        Nick Belaevski
        added a comment -

        fixed, suggested for 3.1.x

        Show
        Nick Belaevski
        added a comment - fixed, suggested for 3.1.x
        Hide
        Nick Belaevski
        added a comment -

        Issue should be verified either for inline e.g. dragListener="#

        {...}

        " or for nested <rich:dragListener> listeners

        Show
        Nick Belaevski
        added a comment - Issue should be verified either for inline e.g. dragListener="# {...} " or for nested <rich:dragListener> listeners
        Hide
        Ilya Shaikovsky
        added a comment -

        commit to 3.1.x please.

        Show
        Ilya Shaikovsky
        added a comment - commit to 3.1.x please.

          People

          • Assignee:
            Aleksej Yanul
            Reporter:
            Nick Belaevski
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: