You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by "Nekkalapudi, Viplava" <VN...@erac.com> on 2002/10/24 23:11:53 UTC
RE: JavaScript Validation: MinLength & MaxLength Functions Don't
Work
That's what we implemented now and are going to test it.
Anyway, Thanks.
-----Original Message-----
From: bachan s [mailto:bachan_anand@yahoo.com]
Sent: Thursday, October 24, 2002 4:04 PM
To: Struts Users Mailing List
Cc: 'nhajratw@ford.com'; 'ted@husted.com'
Subject: RE: JavaScript Validation: MinLength & MaxLength Functions
Don't Work
Hi,
If you have noticed the validation would stil occur at the back end (java
part).
If you want password also to be validated at front end change you
validator-rules.xml - javascript function validateMinLength
to the following code .
<javascript><![CDATA[
function validateMinLength(form) {
var bValid = true;
var focusField = null;
var i = 0;
var fields = new Array();
oMinLength = new minlength();
for (x in oMinLength) {
if (form[oMinLength[x][0]].type == 'text' ||
form[oMinLength[x][0]].type == 'password' ||
form[oMinLength[x][0]].type == 'textarea') {
var iMin = parseInt(oMinLength[x][2]("minlength"));
if (!(form[oMinLength[x][0]].value.length >= iMin))
{
if (i == 0) {
focusField = form[oMinLength[x][0]];
}
fields[i++] = oMinLength[x][1];
bValid = false;
}
}
}
if (fields.length > 0) {
focusField.focus();
alert(fields.join('\n'));
}
return bValid;
}]]>
</javascript>
This should work fine.Let me know.
Bachan
"Nekkalapudi, Viplava" <VN...@erac.com> wrote:It looks like the
min/max length JavaScript functions do NOT work on HTML
"password" fields. We just verified this. I totally agree with
"Hajratwala". Struts should not impose this limitation on the developers.
It is the developers responsibility to control the amount of
security-related information returned to a user, not Struts. I go to
websites all the time where I get a message specifying the size limits for a
password. Does anyone know where the logic is implemented for ignoring the
max/min check on a password? Do others agree that Struts is outside it
boundaries by doing this? If so, maybe my team can submit a patch.
John Hohlen (and Viplava Nekkaplapudi)
-----Original Message-----
From: Hajratwala, Nayan (N.) [mailto:nhajratw@ford.com]
Sent: Thursday, October 24, 2002 3:15 PM
To: 'Struts Users Mailing List'
Subject: RE: JavaScript Validation: MinLength & MaxLength Functions
Don't Work
interesting ... sorry if this has been discussed to death already. If so,
i'll shut up. =)
Shouldn't the decision of displaying the validation be up to the application
developer?
For example, when changing a password, you would have a spot to enter old &
new passwords, but would likely want to put some validation around the new
one (min 6 characters, etc). What would be wrong with displaying that info
to the user?
---
- Nayan Hajratwala
- Chikli Consulting LLC
- http://www.chikli.com
-----Original Message-----
From: Dave Derry [mailto:dderry@acm.org]
Sent: Thursday, October 24, 2002 4:14 PM
To: Struts Users Mailing List
Subject: Re: JavaScript Validation: MinLength & MaxLength Functions
Don't Work
This has been explained before. I think it was by Ted. The reason has to do
with security. Specifying bouinds on the length of a password limits the
universe of potential passwords that a cracker would need to test. And of
course if he/she saw a message saying "Password must be between 6 and 30
characters in length" that would provide that information.
Dave Derry
----- Original Message -----
From: "bachan s"
>
> Can you try removing the required from the depends for password and give
minlength and maxlength. Since minLength is mentioned required is not
necesary.
> Try it and let ue know.
> this may be considered as a bug in struts too.
> Thanks !
> Bachan
>
> "Nekkalapudi, Viplava" wrote: My team can't get
the Struts client-side (i.e. JavaScript) validation
> framework to work. We want to ensure that a password is between 6 and 30
> characters. Has anyone been able to get these checks to work? The
"required"
> field check works, but the "minlength" and "maxlength" do not. Here's what
> our validation.xml file contains:
>
>
> depends="required">
>
>
> depends="required,minlength,maxlength">
>
>
>
>
>
> minlength
> 6
>
>
> maxlength
> 30
>
>
>
>
> Thanks,
>
> JOHN
>
--
To unsubscribe, e-mail:
For additional commands, e-mail:
--
To unsubscribe, e-mail:
For additional commands, e-mail:
--
To unsubscribe, e-mail:
For additional commands, e-mail:
---------------------------------
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>