I am programmer and now writing some java code to write the content to the web server folder.
I have the enquires about the possibility of writing contents to a file to web server if hacker is using jsp with ajax by firefox.
(I have moved this discussion to the servlets forum, because JSPs should not do any I/O, or contain any Java code to begin with.)
Because it is possible to tamper with client-side requests (with any client, not just Firefox), any data arriving at the server needs to be validated. If that is done properly, nothing should get saved (or written to a file) that is not authorised. So what you describe sounds like faulty server-side coding, possibly a lazy developer only performing client-side validation - which any web security tutorial will tell you is inadequate.