You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@click.apache.org by Lorenzo Simionato <lo...@simionato.org> on 2010/11/10 15:57:07 UTC

Form Validation

Hi,
I'm new to Click and i can not understand how to validate a form properly.
I except the code of my listener method for the submit to be something like this:

public boolean onSubmit() {
   if (form.isValid()) {
      // All ok, process data
   }
   return true;
}
But isValid returns true even if validation was bypassed, by setting the hidden field
bypass_validation to true.
So the question is how can i be sure that the form is valid before processing the data?

Thanks.

--
Lorenzo Simionato

Re: Form Validation

Posted by Lorenzo Simionato <lo...@simionato.org>.
It seems OK to me, although i'm not a Click expert/developer.

--
Lorenzo

On Nov 16, 2010, at 12:36 , Bob Schellink wrote:

> After pondering this awhile I'm starting to think we should drop the feature. The use case can be
> solved in a more direct way which doesn't raise the security concerns. For example:
> 
> Submit submit = new Submit("done", this, "onSubmit");
> 
> public void onInit() {
>  // We want to check if submit was clicked in onInit, so we do an explicit bind
>  ClickUtils.bind(submit);
> 
>  if( ! submit.isClicked()) {
>    // If Submit was not Clicked (ie. a JS submit), switch off validation
>    form.setValidate(false);
> }
> 
> // onSubmit is only called if Submit was Clicked and validation is on
> public boolean onSubmit() {
>  if(form.isValid() {
>  // do stuff
>  }
> }
> 
> Thoughs?
> 
> Kind regards
> 
> Bob

Re: Form Validation

Posted by Bob Schellink <sa...@gmail.com>.
After pondering this awhile I'm starting to think we should drop the feature. The use case can be
solved in a more direct way which doesn't raise the security concerns. For example:

Submit submit = new Submit("done", this, "onSubmit");

public void onInit() {
  // We want to check if submit was clicked in onInit, so we do an explicit bind
  ClickUtils.bind(submit);

  if( ! submit.isClicked()) {
    // If Submit was not Clicked (ie. a JS submit), switch off validation
    form.setValidate(false);
}

// onSubmit is only called if Submit was Clicked and validation is on
public boolean onSubmit() {
  if(form.isValid() {
  // do stuff
  }
}

Thoughs?

Kind regards

Bob

On 13/11/2010 17:44, Bob Schellink wrote:
> On 11/11/2010 10:31, Bob Schellink wrote:
>> Hi Lorenzo,
>>
>> The proposed fix can be found here:
>>
>> http://markmail.org/message/2slptgc6uhb7xpte
> 
> 
> Maybe we should align with HTML 5 a bit on this. HTML5 has a novalidate attribute allowing
> client-side validation can be skipped. Maybe we should use "novalidate_server" to differentiate?
> 
> Bob
> 
>

Re: Form Validation

Posted by Bob Schellink <sa...@gmail.com>.
On 11/11/2010 10:31, Bob Schellink wrote:
> Hi Lorenzo,
> 
> The proposed fix can be found here:
> 
> http://markmail.org/message/2slptgc6uhb7xpte


Maybe we should align with HTML 5 a bit on this. HTML5 has a novalidate attribute allowing
client-side validation can be skipped. Maybe we should use "novalidate_server" to differentiate?

Bob

Re: Form Validation

Posted by Bob Schellink <sa...@gmail.com>.
Hi Lorenzo,

The proposed fix can be found here:

http://markmail.org/message/2slptgc6uhb7xpte

Hopefully that should address the concerns.

Kind regards

Bob

On 11/11/2010 01:57, Lorenzo Simionato wrote:
> Hi,
> I'm new to Click and i can not understand how to validate a form properly.
> I except the code of my listener method for the submit to be something like this:
> 
> public boolean onSubmit() {
>    if (form.isValid()) {
>       // All ok, process data
>    }
>    return true;
> }
> But isValid returns true even if validation was bypassed, by setting the hidden field
> bypass_validation to true.
> So the question is how can i be sure that the form is valid before processing the data?
> 
> Thanks.
> 
> --
> Lorenzo Simionato

Re: Form Validation

Posted by Moritz Kammerer <mo...@web.de>.
Hi Lorenzo,

i submitted a JIRA ticket regarding this issue.
You can't be sure that the form has been validated.

I solved the problem by extending from the form class, override the
process() method and throw an exception if form validation is bypassed.
Not very shiny, but functional.

I hope this form validation bypassing gets fixed soon.

Kind regards,

Moe

Am 10.11.2010 15:57, schrieb Lorenzo Simionato:
> Hi,
> I'm new to Click and i can not understand how to validate a form properly.
> I except the code of my listener method for the submit to be something like this:
> 
> public boolean onSubmit() {
>    if (form.isValid()) {
>       // All ok, process data
>    }
>    return true;
> }
> But isValid returns true even if validation was bypassed, by setting the hidden field
> bypass_validation to true.
> So the question is how can i be sure that the form is valid before processing the data?
> 
> Thanks.
> 
> --
> Lorenzo Simionato