You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@click.apache.org by Lorenzo Simionato <lo...@simionato.org> on 2010/11/10 15:57:07 UTC
Form Validation
Hi,
I'm new to Click and i can not understand how to validate a form properly.
I except the code of my listener method for the submit to be something like this:
public boolean onSubmit() {
if (form.isValid()) {
// All ok, process data
}
return true;
}
But isValid returns true even if validation was bypassed, by setting the hidden field
bypass_validation to true.
So the question is how can i be sure that the form is valid before processing the data?
Thanks.
--
Lorenzo Simionato
Re: Form Validation
Posted by Lorenzo Simionato <lo...@simionato.org>.
It seems OK to me, although i'm not a Click expert/developer.
--
Lorenzo
On Nov 16, 2010, at 12:36 , Bob Schellink wrote:
> After pondering this awhile I'm starting to think we should drop the feature. The use case can be
> solved in a more direct way which doesn't raise the security concerns. For example:
>
> Submit submit = new Submit("done", this, "onSubmit");
>
> public void onInit() {
> // We want to check if submit was clicked in onInit, so we do an explicit bind
> ClickUtils.bind(submit);
>
> if( ! submit.isClicked()) {
> // If Submit was not Clicked (ie. a JS submit), switch off validation
> form.setValidate(false);
> }
>
> // onSubmit is only called if Submit was Clicked and validation is on
> public boolean onSubmit() {
> if(form.isValid() {
> // do stuff
> }
> }
>
> Thoughs?
>
> Kind regards
>
> Bob
Re: Form Validation
Posted by Bob Schellink <sa...@gmail.com>.
After pondering this awhile I'm starting to think we should drop the feature. The use case can be
solved in a more direct way which doesn't raise the security concerns. For example:
Submit submit = new Submit("done", this, "onSubmit");
public void onInit() {
// We want to check if submit was clicked in onInit, so we do an explicit bind
ClickUtils.bind(submit);
if( ! submit.isClicked()) {
// If Submit was not Clicked (ie. a JS submit), switch off validation
form.setValidate(false);
}
// onSubmit is only called if Submit was Clicked and validation is on
public boolean onSubmit() {
if(form.isValid() {
// do stuff
}
}
Thoughs?
Kind regards
Bob
On 13/11/2010 17:44, Bob Schellink wrote:
> On 11/11/2010 10:31, Bob Schellink wrote:
>> Hi Lorenzo,
>>
>> The proposed fix can be found here:
>>
>> http://markmail.org/message/2slptgc6uhb7xpte
>
>
> Maybe we should align with HTML 5 a bit on this. HTML5 has a novalidate attribute allowing
> client-side validation can be skipped. Maybe we should use "novalidate_server" to differentiate?
>
> Bob
>
>
Re: Form Validation
Posted by Bob Schellink <sa...@gmail.com>.
On 11/11/2010 10:31, Bob Schellink wrote:
> Hi Lorenzo,
>
> The proposed fix can be found here:
>
> http://markmail.org/message/2slptgc6uhb7xpte
Maybe we should align with HTML 5 a bit on this. HTML5 has a novalidate attribute allowing
client-side validation can be skipped. Maybe we should use "novalidate_server" to differentiate?
Bob
Re: Form Validation
Posted by Bob Schellink <sa...@gmail.com>.
Hi Lorenzo,
The proposed fix can be found here:
http://markmail.org/message/2slptgc6uhb7xpte
Hopefully that should address the concerns.
Kind regards
Bob
On 11/11/2010 01:57, Lorenzo Simionato wrote:
> Hi,
> I'm new to Click and i can not understand how to validate a form properly.
> I except the code of my listener method for the submit to be something like this:
>
> public boolean onSubmit() {
> if (form.isValid()) {
> // All ok, process data
> }
> return true;
> }
> But isValid returns true even if validation was bypassed, by setting the hidden field
> bypass_validation to true.
> So the question is how can i be sure that the form is valid before processing the data?
>
> Thanks.
>
> --
> Lorenzo Simionato
Re: Form Validation
Posted by Moritz Kammerer <mo...@web.de>.
Hi Lorenzo,
i submitted a JIRA ticket regarding this issue.
You can't be sure that the form has been validated.
I solved the problem by extending from the form class, override the
process() method and throw an exception if form validation is bypassed.
Not very shiny, but functional.
I hope this form validation bypassing gets fixed soon.
Kind regards,
Moe
Am 10.11.2010 15:57, schrieb Lorenzo Simionato:
> Hi,
> I'm new to Click and i can not understand how to validate a form properly.
> I except the code of my listener method for the submit to be something like this:
>
> public boolean onSubmit() {
> if (form.isValid()) {
> // All ok, process data
> }
> return true;
> }
> But isValid returns true even if validation was bypassed, by setting the hidden field
> bypass_validation to true.
> So the question is how can i be sure that the form is valid before processing the data?
>
> Thanks.
>
> --
> Lorenzo Simionato