Block Request for Inaccessible Widgets
Non-existed Component is Safer than Invisible One
Users can easily access inaccessible elements (such as disabled or invisible ones) by a browser developer tool. For example, a hostile user can make an invisible button visible and then click it to trigger unexpected actions. Thus, it is recommended not to create an element if it is not supposed to be accessible. For example, the first statement is safer than the second one in the following example:
<button unless="${accessible}"/>
<button visible="${accessible}"/>
Block with InaccessibleWidgetBlockService
Since 5.0.0
- Available for ZK:
If you want to block a request for inaccessible widgets for the whole application or for a particular desktop, you can implement the org.zkoss.zk.au.AuService interface to filter out unwanted requests. ZK Enterprise Edition has provided a simple implementation called InaccessibleWidgetBlockService. To apply it to the whole application, just specify the following in WEB-INF/zk.xml as follows.
<listener>
<listener-class>org.zkoss.zkmax.au.InaccessibleWidgetBlockService$DesktopInit</listener-class>
</listener>
Then, each time a desktop is created, an instance of InaccessibleWidgetBlockService is added to the desktop to block the requests from the inaccessible widgets.
In many cases, you just want to block particular events, not all events. For example, you want to receive onOpen when a menupopup is going to show up. Then, you can specify a library property called IWBS.events to control the behavior of InaccessibleWidgetBlockService. For example,
<library-property>
<name>org.zkoss.zkmax.au.IWBS.events</name>
<value>onClick,onChange,onSelect</value>
</library-property>
Implement Your Own Block
The implementation of AuService is straightforward. For example, the following example blocks only button and onClick:
public class MyBlockService implements org.zkoss.zk.au.AuService {
public boolean service(AuRequest request, boolean everError) {
final Component comp = request.getComponent();
return (comp instanceof Button) && "onClick".equals(request.getCommand());
//true means block
}
}
Supported Components
All invisible components would be blocked. Some components would be blocked when they are disabled/readonly, as follow.
Component |
---|
Button |
A |
Listbox |
Menuitem |
Navitem |
Textbox |
Tree |
Intbox |
Spinner |
Doublebox |
Decimalbox |
Longbox |
Doublespinner |
Timepicker |
Timebox |
Checkbox |
Datebox |
Combobox |
Chosenbox |
Selectbox |
Version History
Version | Date | Content |
---|---|---|
8.0.3 | 2016/09/21 | Add "supported components" table |