JSF: Hide input when typing in the text box - jsf

I want to hide the first 6 characters of SSN when user types in the text box. Something like *--1234
Is there any built in tag I can achieve this. Thanks in advance.

The "built in" components of the standard JSF implementation only represents the standard HTML elements. Your functional requirement is not covered by any of those HTML elements, so the standard JSF implementation won't have it as well. The closest one is the HTML <input type="password"> which is provided by JSF <h:inputSecret> component, but this will mask all characters instead of only a specified subset.
Also no 3rd party JSF component libraries comes to mind which is able to do this. You have basically 2 options, an easy one and a harder one.
Split the SSN over two input fields. One <h:inputSecret> and one <h:inputText>. Add if necessary some onkeyup JavaScript helper code which auto-tabs to the next field when 6 characters are entered. In the server side just glue the two parts together.
Use a <h:inputHidden> for the value and a normal <input type="text"> with some onkeydown JavaScript helper code which fills the hidden input and returns the masked character to the visible input for the first 6 characters.

Related

Kentico 9 search result transformation

We've noticed a bug when looking at French search results. in the CMS Desk, i've kept the Page Name in English for the French content. The issue is, these are showing on the French results page.
in the transformation, based off the default one, I present the clickable title like this:
<a href='<%# SearchResultUrl() %>' data-type="title" target="_blank" ><%#SearchHighlight(HTMLHelper.HTMLEncode(CMS.ExtendedControls.ControlsHelper.RemoveDynamicControls(DataHelper.GetNotEmpty(Eval("Title"), ""))), "<span class='highLight'>", "</span>")%></a>
Here's my thinking, if the Menu Caption is filled out, use that rather than title. How do i output DocumentMenuCaption without adjust the search fields on the menu page type?
I think my logic is, check if DocumentMenuCaption is emtpy, if it use, use Title.
You should be able to continue using GetNotEmpty and just pass in the DocumentMenuCaption first, something like this:
<%# GetNotEmpty(GetSearchValue("DocumentMenuCaption");Eval("Title")) %>
You may or may not need the "GetSearchValue" function, but that allows you to grab values from the object that may not be available in the default set of columns for the search results.
Alternatively, you should be able to use the IfEmpty() method:
<%# IfEmpty(GetSearchValue("DocumentMenuCaption"), Eval("Title"), GetSearchValue("DocumentMenuCaption")) %>
Both transformation methods taken from here (double check syntax on "GetNotEmpty" as there are different ways it's implemented: https://docs.kentico.com/k9/developing-websites/loading-and-displaying-data-on-websites/writing-transformations/reference-transformation-methods
You can read more about the search transformations here: https://docs.kentico.com/k9/configuring-kentico/setting-up-search-on-your-website/displaying-search-results-using-transformations

Primefaces editor generates span elements

I use primefaces editor within a project (http://www.primefaces.org/showcase/ui/input/editor.xhtml). My problem is that it always generates SPAN elements.
E.g. test is exported as
<span style="font-weight: bold;">test</span>
Instead of this, I need to generate markup (and so for the other functions) liek this:
<b>test</b>
Any idea?
(it is not my personal wish but a need to be compatible with a legacy API)
Instead of <p:editor> use <pe:ckEditor> primefaces extension, and there are various options available for this choose according to your requirement primefaces editor will always generate span for text.

notes style field in xpages

Is there any possibility to make an editbox in xpages that looks like an editable field - notes style from Lotus Notes? Or to be able to display the field value in more lines, if it necessary ?
I tried adding Auto for the editbox, but it no works.
rows and cols properties allow you to change the size. You can also use Dojo Simple Text Area or Dojo Text Area controls from Ext Lib. The latter auto-expands depending on the content, so rows and cols are not applicable (see the part in XPages Extension Library book on that).
If you're talking about the field handles round the top left and bottom right of a field, I don't think web development supports partial borders. It will be a generic CSS web development solution you require, rather than anything specific to XPages.
I know this is kind of late but here's what I came up with:
https://codepen.io/gcoxdev/pen/MmdrYz
<div class="notes-field">
<div class="notes-editable contenteditable="true"></div>
<textarea name="test"></textarea>
</div>
Of course, you'll have to convert that to xpages markup.
Essentially I'm creating a content-editable div with unicode characters for the handles then updating the underlying textarea with javascript.
You can read my article about it here:
http://gcoxdev.com/xpages-notes-style-field
Hope that helps!

How to display HTML inside h:inputTextarea

How to display value with HTML tag inside h:inputTextarea?
In DB I have column contain data, it contain plain text and HTML tag, I want display it on h:inputTextarea. How can I do it?
i want display HTML inside h:inputTextArea it mean in DB contain <br/> or <b> and </b> , when it display on h:inputTextArea it must display bold or break line.
That's not possible due to the nature of HTML <textarea> element. Even, if it was possible this puts doors wide open to XSS injection attacks. Also, how would you ever let the enduser edit the markup in the textarea like changing bold to for example italics or to add another markup? That's plain impossible with a <textarea>.
If your sole intent is to have a rich text editor, then you need to homegrow one with help of a <div> and a good shot of JavaScript or, better, use an existing JSF component which achieves this. For example, PrimeFaces' <p:editor>.
Or, if your sole intent is to display it only, then use <h:outputText> with the escape attribute set to false. Once again, keep XSS risks in mind.
Use the f:verbatim tag -> JSF Verbatim Tag

How to handle encoded inputs that need to be edited?

Using Microsoft's AntiXssLibrary, how do you handle input that needs to be edited later?
For example:
User enters:
<i>title</i>
Saved to the database as:
<i>title</i>
On an edit page, in a text box it displays something like:
<i>title</i> because I've encoded it before displaying in the text box.
User doesn't like that.
Is it ok not to encode when writing to an input control?
Update:
I'm still trying to figure this out. The answers below seem to say to decode the string before displaying, but wouldn't that allow for XSS attacks?
The one user who said that decoding the string in an input field value is ok was downvoted.
Looks like you're encoding it more than once. In ASP.NET, using Microsoft's AntiXss Library you can use the HtmlAttributeEncode method to encode untrusted input:
<input type="text" value="<%= AntiXss.HtmlAttributeEncode("<i>title</i>") %>" />
This results in
<input type="text" value="<i>title</i>" /> in the rendered page's markup and is correctly displayed as <i>title</i> in the input box.
Your problem appears to be double-encoding; the HTML needs to be escaped once (so it can be inserted into the HTML on the page without issue), but twice leads to the encoded version appearing literally.
You can call HTTPUtility.HTMLDecode(MyString) to get the text back to the unencoded form.
If you are allowing users to enter HTML that will then be rendered on the site, you need to do more than just Encode and Decode it.
Using AntiXss prevents attacks by converting script and markup to text. It does not do anything to "clean" markup that will be rendered directly. You're going to have to manually remove script tags, etc. from the user's input to be fully protected in that scenario.
You'll need to strip out script tags as well as JavaScript attributes on legal elements. For example, an attacker could inject malicious code into the onclick or onmouseover attributes.
Yes, the code inside input boxes is safe from scripting attacks and does not need to be encoded.

Resources