If a web page comprises of drop downs,radio buttons,check boxes etc for user input and avoid text fields and text area to evade untrusted data(malicious javascript entered by the user). Is such a web page immune to XSS? If not how to secure such an application using ESAPI.
You can edit the form in your browser using for example Firebug and just add any field with any name.
Even more so, you can just forge whole post/get requests with any data you like (using curl or many other tools).
So: no, it is not.