Primefaces inputMask accept only hex

Question

I'm facing a terrible problem with the update of primefaces from 6.2.5 to 7.0.4. Before i was using a inputMask like this way:

<p:inputMask id="input" value="#{bean.inputs.id}" mask="^^ ^^ ^^ ^^ ^^"
             requiredMessage="#{label.lblRequired}" >
    <f:validator validatorId="Validator"/>
</p:inputMask>

there is also an javascript part where i definie the usage of "^"

$.mask.definitions['^'] = '[A-Fa-f0-9]';

with primefaces 7.0.4 i can't use this pattern anymore as you can see in this commit: Link to primefaces github. Additional if i use this way, there is no error but the value keeps beeing empty but on the webpage it is filled the right way.

My question would be if there is any other way to add a regex to every field of my input? Or is there a pattern that i am missing

What i tried so fare is:

1. add <f:validateRegex pattern="[regex]"/> --> no good
2. add <p:keyFilter regEx="[regex]" /> --> working only on inputText
3. trying to add regex for each "^" --> no good

Answer 1

You are correct that it was broken in PrimeFaces 7.0 with this security fix: https://github.com/primefaces/primefaces/issues/3234

Comment in that thread from the developer who patched this security hole.

jquery.maskedinput lets you define your own rules aka mask definitions, e.g. ~ can be defined to be mapped to + or -. Example from https://github.com/digitalBush/jquery.maskedinput

jQuery(function($){    
   $.mask.definitions['~']='[+-]';   
   $("#eyescript").mask("~9.99 ~9.99 999"); 
}); 

However, PrimeFaces does not seem to implement this feature. So I ignored it in my commit.

So it appears you should comment on that bug ticket saying it caused a regression issue.

Update 9/2/2019: This has been fixed for PF 7.0.8 and 7.1: https://github.com/primefaces/primefaces/issues/5105