jsr344-experts@javaserverfaces-spec-public.java.net

[jsr344-experts] [jsr344-experts mirror] Re: [220-ViewStateParamNameOnly] PROPOSAL

From: Imre Oßwald <ioss_at_pmx.jevelopers.com>
Date: Tue, 7 Feb 2012 00:10:01 +0100

Hi,

I just copied the revised proposal for reference, see the previous post for context.

On 06.02.2012, at 23:07, Edward Burns wrote:

> Ok, here's the revised proposal.
>
> * Change the javadoc of ResponseStateManager.VIEW_STATE_PARAM:
>
> Index: jsf-api/src/main/java/javax/faces/render/ResponseStateManager.java
> ===================================================================
> --- jsf-api/src/main/java/javax/faces/render/ResponseStateManager.java (revision 9649)
> +++ jsf-api/src/main/java/javax/faces/render/ResponseStateManager.java (working copy)
> @@ -78,9 +78,15 @@
>
> /**
> * <p><span class="changed_modified_2_0
> - * changed_modified_2_2">Implementations</span> must use this value
> - * as the name of the client parameter in which to save the state
> - * between requests.</p>
> + * changed_modified_2_2">Implementations</span> must use this constant field
> + * value as the name of the client parameter in which to save the state
> + * between requests. <span class="changed_added_2_2">The <code>id</code>
> + * attribute must be a concatenation of the return from
> + * {_at_link javax.faces.component.UIViewRoot#getContainerClientId}, the
> + * return from {_at_link javax.faces.component.UINamingContainer#getSeparatorChar},
> + * and this constant field value.</span>
> + *
> + * </span></p>
>
> * <p class="changed_added_2_0">It is strongly recommend that
> * implementations guard against cross site scripting attacks by at
>
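Review bot: The added javadoc ends with " * </span></p>", but both spans in this paragraph (the "changed_modified_2_0 changed_modified_2_2" one and the new "changed_added_2_2" one) are already closed on their own lines, so that "</span>" has no matching open tag; close the paragraph with "</p>" only. The new sentence also says "The <code>id</code> attribute" without naming the element that carries it, and the concatenation it specifies (the UIViewRoot container client id, the separator char and this constant) contains nothing that varies within a view, so every element rendered with it in one page gets the same id. Name the element and state how the id stays unique.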
> * Change the contract for the Ajax XML response to require that the
> <partial-response> element now have an "id" attribute whose value is
> the return from UIViewRoot.getContainerClientId()


The problem with this proposal is that we would have the same id again for multiple forms on one page.

Maybe a solution could be to do:
concatenation of the return from
{@link javax.faces.component.UIViewRoot#getContainerClientId},
the return from {@link javax.faces.component.UINamingContainer#getSeparatorChar},
this constant field value,
the return from {@link javax.faces.component.UINamingContainer#getSeparatorChar},
and an incremented counter for every viewstate formfield.

That would allow jsf.js to iterate over every viewstate hidden field by id until none is found.

We could also get rid of the id altogether or use an arbitrary one, by moving the javax.faces.component.UIViewRoot#getContainerClientId into the name attribute.
I haven't checked the jsf.js implementations to see whether there are some pitfalls to consider...

Imre
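
The id scheme suggested in the message above, next to the shared id of the revised proposal, as an added example that is not part of the original post and not code from jsf.js. The container client id "j_id1", the ":" separator, a counter starting at 0 and the makeDocument stub are assumptions made for the illustration.

```javascript
// Added illustration; not taken from jsf.js or any JSF implementation.
const VIEW_STATE_PARAM = "javax.faces.ViewState"; // ResponseStateManager.VIEW_STATE_PARAM

// Id under the counter scheme from the message (counter starting at 0 is an assumption).
function viewStateFieldId(containerClientId, separator, counter) {
  return [containerClientId, VIEW_STATE_PARAM, counter].join(separator);
}

// Probe counter = 0, 1, 2, ... and refresh each hidden field until a lookup misses.
function updateAllViewStateFields(doc, containerClientId, separator, newState) {
  let updated = 0;
  for (;;) {
    const field = doc.getElementById(viewStateFieldId(containerClientId, separator, updated));
    if (!field) break;
    field.value = newState;
    updated += 1;
  }
  return updated;
}

// Hypothetical stand-in for a DOM document: like a browser, getElementById
// returns only the first element carrying the requested id.
function makeDocument(fields) {
  return { fields, getElementById: (id) => fields.find((f) => f.id === id) || null };
}

// Constructed page with two forms; "j_id1" and ":" are sample values.
function compareSchemes() {
  const sharedId = "j_id1:" + VIEW_STATE_PARAM;
  const shared = makeDocument([{ id: sharedId, value: "old" }, { id: sharedId, value: "old" }]);
  shared.getElementById(sharedId).value = "new"; // second form keeps stale state
  const counted = makeDocument([
    { id: viewStateFieldId("j_id1", ":", 0), value: "old" },
    { id: viewStateFieldId("j_id1", ":", 1), value: "old" },
  ]);
  const updated = updateAllViewStateFields(counted, "j_id1", ":", "new");
  return {
    sharedValues: shared.fields.map((f) => f.value),
    countedValues: counted.fields.map((f) => f.value),
    updated,
  };
}

console.log(compareSchemes());
```

A gap in the counter sequence ends the walk early, so the renderer would have to number the fields contiguously.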