You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by "Nekkalapudi, Viplava" <VN...@erac.com> on 2002/10/24 22:47:51 UTC
RE: JavaScript Validation: MinLength & MaxLength Functions Don't
Work
It looks like the min/max length JavaScript functions do NOT work on HTML
"password" fields. We just verified this. I totally agree with
"Hajratwala". Struts should not impose this limitation on the developers.
It is the developers responsibility to control the amount of
security-related information returned to a user, not Struts. I go to
websites all the time where I get a message specifying the size limits for a
password. Does anyone know where the logic is implemented for ignoring the
max/min check on a password? Do others agree that Struts is outside it
boundaries by doing this? If so, maybe my team can submit a patch.
John Hohlen (and Viplava Nekkaplapudi)
-----Original Message-----
From: Hajratwala, Nayan (N.) [mailto:nhajratw@ford.com]
Sent: Thursday, October 24, 2002 3:15 PM
To: 'Struts Users Mailing List'
Subject: RE: JavaScript Validation: MinLength & MaxLength Functions
Don't Work
interesting ... sorry if this has been discussed to death already. If so,
i'll shut up. =)
Shouldn't the decision of displaying the validation be up to the application
developer?
For example, when changing a password, you would have a spot to enter old &
new passwords, but would likely want to put some validation around the new
one (min 6 characters, etc). What would be wrong with displaying that info
to the user?
---
- Nayan Hajratwala
- Chikli Consulting LLC
- http://www.chikli.com
-----Original Message-----
From: Dave Derry [mailto:dderry@acm.org]
Sent: Thursday, October 24, 2002 4:14 PM
To: Struts Users Mailing List
Subject: Re: JavaScript Validation: MinLength & MaxLength Functions
Don't Work
This has been explained before. I think it was by Ted. The reason has to do
with security. Specifying bouinds on the length of a password limits the
universe of potential passwords that a cracker would need to test. And of
course if he/she saw a message saying "Password must be between 6 and 30
characters in length" that would provide that information.
Dave Derry
----- Original Message -----
From: "bachan s" <ba...@yahoo.com>
>
> Can you try removing the required from the depends for password and give
minlength and maxlength. Since minLength is mentioned required is not
necesary.
> Try it and let ue know.
> this may be considered as a bug in struts too.
> Thanks !
> Bachan
>
> "Nekkalapudi, Viplava" <VN...@erac.com> wrote: My team can't get
the Struts client-side (i.e. JavaScript) validation
> framework to work. We want to ensure that a password is between 6 and 30
> characters. Has anyone been able to get these checks to work? The
"required"
> field check works, but the "minlength" and "maxlength" do not. Here's what
> our validation.xml file contains:
>
>
> depends="required">
>
>
> depends="required,minlength,maxlength">
>
>
>
>
>
> minlength
> 6
>
>
> maxlength
> 30
>
>
>
>
> Thanks,
>
> JOHN
>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: JavaScript Validation: MinLength & MaxLength Functions Don't Work
Posted by bachan s <ba...@yahoo.com>.
Hi,
If you have noticed the validation would stil occur at the back end (java part).
If you want password also to be validated at front end change you
validator-rules.xml - javascript function validateMinLength
to the following code .
<javascript><![CDATA[
function validateMinLength(form) {
var bValid = true;
var focusField = null;
var i = 0;
var fields = new Array();
oMinLength = new minlength();
for (x in oMinLength) {
if (form[oMinLength[x][0]].type == 'text' || form[oMinLength[x][0]].type == 'password' ||
form[oMinLength[x][0]].type == 'textarea') {
var iMin = parseInt(oMinLength[x][2]("minlength"));
if (!(form[oMinLength[x][0]].value.length >= iMin)) {
if (i == 0) {
focusField = form[oMinLength[x][0]];
}
fields[i++] = oMinLength[x][1];
bValid = false;
}
}
}
if (fields.length > 0) {
focusField.focus();
alert(fields.join('\n'));
}
return bValid;
}]]>
</javascript>
This should work fine.Let me know.
Bachan
"Nekkalapudi, Viplava" <VN...@erac.com> wrote:It looks like the min/max length JavaScript functions do NOT work on HTML
"password" fields. We just verified this. I totally agree with
"Hajratwala". Struts should not impose this limitation on the developers.
It is the developers responsibility to control the amount of
security-related information returned to a user, not Struts. I go to
websites all the time where I get a message specifying the size limits for a
password. Does anyone know where the logic is implemented for ignoring the
max/min check on a password? Do others agree that Struts is outside it
boundaries by doing this? If so, maybe my team can submit a patch.
John Hohlen (and Viplava Nekkaplapudi)
-----Original Message-----
From: Hajratwala, Nayan (N.) [mailto:nhajratw@ford.com]
Sent: Thursday, October 24, 2002 3:15 PM
To: 'Struts Users Mailing List'
Subject: RE: JavaScript Validation: MinLength & MaxLength Functions
Don't Work
interesting ... sorry if this has been discussed to death already. If so,
i'll shut up. =)
Shouldn't the decision of displaying the validation be up to the application
developer?
For example, when changing a password, you would have a spot to enter old &
new passwords, but would likely want to put some validation around the new
one (min 6 characters, etc). What would be wrong with displaying that info
to the user?
---
- Nayan Hajratwala
- Chikli Consulting LLC
- http://www.chikli.com
-----Original Message-----
From: Dave Derry [mailto:dderry@acm.org]
Sent: Thursday, October 24, 2002 4:14 PM
To: Struts Users Mailing List
Subject: Re: JavaScript Validation: MinLength & MaxLength Functions
Don't Work
This has been explained before. I think it was by Ted. The reason has to do
with security. Specifying bouinds on the length of a password limits the
universe of potential passwords that a cracker would need to test. And of
course if he/she saw a message saying "Password must be between 6 and 30
characters in length" that would provide that information.
Dave Derry
----- Original Message -----
From: "bachan s"
>
> Can you try removing the required from the depends for password and give
minlength and maxlength. Since minLength is mentioned required is not
necesary.
> Try it and let ue know.
> this may be considered as a bug in struts too.
> Thanks !
> Bachan
>
> "Nekkalapudi, Viplava" wrote: My team can't get
the Struts client-side (i.e. JavaScript) validation
> framework to work. We want to ensure that a password is between 6 and 30
> characters. Has anyone been able to get these checks to work? The
"required"
> field check works, but the "minlength" and "maxlength" do not. Here's what
> our validation.xml file contains:
>
>
> depends="required">
>
>
> depends="required,minlength,maxlength">
>
>
>
>
>
> minlength
> 6
>
>
> maxlength
> 30
>
>
>
>
> Thanks,
>
> JOHN
>
--
To unsubscribe, e-mail:
For additional commands, e-mail:
--
To unsubscribe, e-mail:
For additional commands, e-mail:
--
To unsubscribe, e-mail:
For additional commands, e-mail:
---------------------------------
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site