jstl formatNumber in input leads to NumberFormatException - jsp-tags

in my jsp I have this:
<fmt:formatNumber type="number" minFractionDigits="2" value="${myVal}" var="val" />
and I use "val" in an input field. It displays nicely (e.g. 10,000.00).
But when the form is submitted I get a NumberFormatException which didn't happen without the formatting.
I haven't found a way around this - any clues?
Thanks,
John.

When the form is submitted this number (e.g. 10,000.00) goes back to your server(I assume).
In that case the formatted number is now a string with a comma between 10 and 000.00
Make sure what you submit back is a valid number without any characters like comma.

Related

how to enter a carriage return in a Link label field

I've got several Link fields on an xPage. The labels of these link fields are retrieved from a Notes document. I want to insert a carriage return into the text so the text when displayed on the web page is split into 2 lines. Entering
<br/>
used to work for label fields so I tried that but it doesn't work anymore. Maybe some xpage update changed that functionality. Anyone know another way of doing this?
thanks clem
You need to set the escape property to false in order to allow HTML. Here's an example:
<xp:link escape="false" id="test" value="http://example.com">
<xp:this.text><![CDATA[#{javascript:"Test 1<br/>Test 2"}]]></xp:this.text>
</xp:link>

How to restrict an input to a variable amount of numbers only with PrimeFaces inputMask element

I need to define something similar to this regex:
[0-9]{1, 5}
On a PrimeFaces <inputMask> element:
<p:inputMask mask="regexGoesHere" value="#{someBean.val}"/>
I looked at the PrimeFaces showcase, but I couldn't figure out how to do it.
So does anyone know how to do it in any way besides JavaScript ?
I'm not exactly looking for a solution with <inputMask> anything that would restrict me from typing letters in the input on the client side is OK.
Thanks
If you want or need to limit the length too, you could do something like this:
<p:inputMask
mask="9?9999"
maxlength="5"
slotChar=" "
value="#{someBean.val}" />
where the user can only enter 1 to 5 digits, or the following for four digits and so on
<p:inputMask
mask="9?999"
maxlength="4"
slotChar=" "
value="#{someBean.val}" />
Prior to PrimeFaces 5.1: use placeHolder instead of slotChar (Issue 7324).
The following Masked Input Plugin is the original jquery plugin that is being used by Primefaces , you can find much more information about its usage, also there are several p:input-mask code example in this PDF PrimeFaces:
More Input Elements look at page 24
KeyFilter from PrimeFaces Extensions looks exactly as something you need:
http://fractalsoft.net/primeext-showcase-mojarra/views/keyFilter.jsf
According to documentation and example, it is driven by regexp, and functions exactly as it should: blocking the ability to type something not passing to the regexp.
just try this :
<p:inputMask maxlength="5">
<pe:keyFilter regEx="/[\d]/" />
</p:inputMask>
maxlength : limit the number of caracters to 5 max
regEx : only authorize decimal caracter on key press
nb:
You could use a validator. Or the validaterange and define a minimum and maximum.

How to capture a string using onkeydown before it received by the text field

I am trying to find a way to get more than one characters pasted on html text field (input type=text), using onkeydown or onkeypress, I am NOT interested in onkeyup(it works), so please do not suggest me this solution. Also I am not interested in Jquery, I do not like to use it. I need solution to work with all browsers.
I am able to do that if you type one character, by taking the character of the event, but till now I am unable to get group of characters come from the paste (ctrl+V) or by mouse.
You can look at Facebook search menu that shows auto complete results, it works on events: onkeydown and onkeypress and you notice that you get the result before you release your finger, try to paste something (more than one character) and you get the result before releasing finger, how? Onkeypress and onkeydown do not show first thing you paste or type because they happen before the text being added to text field.
If you want to understand what I want more, please check my code below:
<input type="text" id="targetTextField" onkeydown="CapturePastedString(this.id)" />
<script>
function CapturePastedString(id){
var targetTextField=document.getElementById(id);
// below I need to capture the pasted string like:
var pasted_string= function(){.....}
targetTextField.value=pasted_string;
}
</script>
Any help would be so thankful, because since long time I am trying but cannot find solution yet.
Try the onkeydown handler it works.You can get the keyCode from there and then the key.
<input type="text" value="" onkeydown="alert(String.fromCharCode(event.keyCode));"/>
Note that since all characters on the keyboard are capital you would also get capital letter. The above code would display the key pressed

JSF: Hide input when typing in the text box

I want to hide the first 6 characters of SSN when user types in the text box. Something like *--1234
Is there any built in tag I can achieve this. Thanks in advance.
The "built in" components of the standard JSF implementation only represents the standard HTML elements. Your functional requirement is not covered by any of those HTML elements, so the standard JSF implementation won't have it as well. The closest one is the HTML <input type="password"> which is provided by JSF <h:inputSecret> component, but this will mask all characters instead of only a specified subset.
Also no 3rd party JSF component libraries comes to mind which is able to do this. You have basically 2 options, an easy one and a harder one.
Split the SSN over two input fields. One <h:inputSecret> and one <h:inputText>. Add if necessary some onkeyup JavaScript helper code which auto-tabs to the next field when 6 characters are entered. In the server side just glue the two parts together.
Use a <h:inputHidden> for the value and a normal <input type="text"> with some onkeydown JavaScript helper code which fills the hidden input and returns the masked character to the visible input for the first 6 characters.

How to handle encoded inputs that need to be edited?

Using Microsoft's AntiXssLibrary, how do you handle input that needs to be edited later?
For example:
User enters:
<i>title</i>
Saved to the database as:
<i>title</i>
On an edit page, in a text box it displays something like:
<i>title</i> because I've encoded it before displaying in the text box.
User doesn't like that.
Is it ok not to encode when writing to an input control?
Update:
I'm still trying to figure this out. The answers below seem to say to decode the string before displaying, but wouldn't that allow for XSS attacks?
The one user who said that decoding the string in an input field value is ok was downvoted.
Looks like you're encoding it more than once. In ASP.NET, using Microsoft's AntiXss Library you can use the HtmlAttributeEncode method to encode untrusted input:
<input type="text" value="<%= AntiXss.HtmlAttributeEncode("<i>title</i>") %>" />
This results in
<input type="text" value="<i>title</i>" /> in the rendered page's markup and is correctly displayed as <i>title</i> in the input box.
Your problem appears to be double-encoding; the HTML needs to be escaped once (so it can be inserted into the HTML on the page without issue), but twice leads to the encoded version appearing literally.
You can call HTTPUtility.HTMLDecode(MyString) to get the text back to the unencoded form.
If you are allowing users to enter HTML that will then be rendered on the site, you need to do more than just Encode and Decode it.
Using AntiXss prevents attacks by converting script and markup to text. It does not do anything to "clean" markup that will be rendered directly. You're going to have to manually remove script tags, etc. from the user's input to be fully protected in that scenario.
You'll need to strip out script tags as well as JavaScript attributes on legal elements. For example, an attacker could inject malicious code into the onclick or onmouseover attributes.
Yes, the code inside input boxes is safe from scripting attacks and does not need to be encoded.

Resources