Reputation: 1
Hdiv 3.4.0 and spring with hidden input
In spring forms I have hidden input
like
<form:form method="post" modelAttribute="order" name="..." action="processListOrdersSelect.html">
<p>
<label for="username">Select Username:</label>
<form:select path="username">
<form:option value="j2ee" label="j2ee" />
</form:select>
</p>
<input type="hidden" name="test" value="test" />
<form:button onclick="submit()">View Orders</form:button>
</form:form>
when I submit with this form ,Hdiv security give me unauthorized access, I think that Hdiv didn't use the input hidden fields while generating the Hdiv _HDIV_STATE_ for the parameter tampering. how to let Hdiv use my hidden input without using the
<form:hidden path="test" value="test" />
because I don't have any value bean for this property tag. and I want Hdiv to validate the hidden input not to skip them using
<hdiv:paramsWithoutValidation>
<hdiv:mapping url="/.*" parameters="test" />
</hdiv:paramsWithoutValidation>
please tell me how to solve this issue ??
Upvotes: 0
Views: 269
Answers (1)
Reputation: 271
Hdiv is aware of the form fields generated using tags like <form:hidden>, as the value of the parameter is obtained from Spring MVC tags.
If a form field is generated without Spring MVC tag it is not processed by Hdiv and is considered as a new field included by the client.
Use Spring tag or exclude parameter validation as you mentioned in the question.
Upvotes: 1
Related Questions
- Second hidden input is not read
- Spring boot with hdiv
- HDIV INVALID_PARAMETER_NAME error with Spring Tag form
- How to prevent changes in hidden inputs?
- How can Config HDIV in Spring boot
- HDIV + Spring MVC - getting always Unauthorized Access error HDIV_PARAMETER_DOES_NOT_EXIST
- HDIV -- INVALID_EDITABLE_VALUE
- Issue in form submit with the Integration of HDIV and Spring MVC
- Spring + HDIV : NoSuchBeanDefinitionException: No qualifying bean of type [org.hdiv.config.HDIVConfig] is defined
- Form Submit Not Working on the integration of HDIV and Spring MVC