Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-3410

user can edit value of component by javascript console or development tool

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: 8.0.1
    • Fix Version/s: None
    • Component/s: Components
    • Labels:
      None

      Description

      redo:
      1. create a form add a textbox
      2. set readonly = true, disable = true for textbox
      3. when page is show on browse. use chrome development tool to delete attribute readonly="readonly" and disable
      4. now user can edit value of text field
      5. it's ok but when use move out of text field, this value is sync to server
      ==========
      do you think we should add a new attribute like disableClientEdit so we can avoid this kind of hack?
      or maybe already have solution for this issue?

        Activity

        Hide
        hiepgau hiepgau added a comment -
        Show
        hiepgau hiepgau added a comment - it already resolve by auservice. please help me close it. https://www.zkoss.org/wiki/ZK_Developer's_Reference/Security_Tips/Block_Request_for_Inaccessible_Widgets

          People

          • Assignee:
            Unassigned
            Reporter:
            hiepgau hiepgau
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated: