You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by "Howard M. Lewis Ship (JIRA)" <de...@tapestry.apache.org> on 2008/08/06 17:10:44 UTC
[jira] Updated: (TAPESTRY-2547) Field validation is bypassed if
form action url is used as a GET url
[ https://issues.apache.org/jira/browse/TAPESTRY-2547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Howard M. Lewis Ship updated TAPESTRY-2547:
-------------------------------------------
Priority: Major (was: Blocker)
Typing a form's URL into as a GET will perform no work, because the t:formdata query parameter will be empty.
I'm thinking of making Tapestry reject requests that use a GET to invoke a form, or have no t:formdata entries.
> Field validation is bypassed if form action url is used as a GET url
> --------------------------------------------------------------------
>
> Key: TAPESTRY-2547
> URL: https://issues.apache.org/jira/browse/TAPESTRY-2547
> Project: Tapestry
> Issue Type: Bug
> Components: tapestry-core
> Affects Versions: 5.0.13
> Reporter: Francois Armand
>
> We have a form, the simpliest one is ok, say this one on "TestPage" page :
> <t:form>
> <t:textfield t:id="field" t:validate="required" t:value="value" />
> <t:submit/>
> </t:form>
> This form is supposed to required a a non empty value for value.
> All goes fine if we click on ok, but if a twisted tester try to enter directly the action url in the browser ( t5app/testpage.form), the field level validation are bypassed (but all form events are throws and so the one done in "onValidateFormFrom" arecorrectly performed).
> The result is that the form may be successful with inconsistent data, in our case a null value.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org
Re: [jira] Updated: (TAPESTRY-2547) Field validation is bypassed
if form action url is used as a GET url
Posted by Fernando Padilla <fe...@alum.mit.edu>.
please allow method=GET forms :) At times those are handy for other
reasons.
but yes if there is no t:formdata, then you can assume a "corrupted"
form submit, and can just mark it "invalidated" at the get go :) Or
totally ignore that form action.
Howard M. Lewis Ship (JIRA) wrote:
> [ https://issues.apache.org/jira/browse/TAPESTRY-2547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> Howard M. Lewis Ship updated TAPESTRY-2547:
> -------------------------------------------
>
> Priority: Major (was: Blocker)
>
> Typing a form's URL into as a GET will perform no work, because the t:formdata query parameter will be empty.
>
> I'm thinking of making Tapestry reject requests that use a GET to invoke a form, or have no t:formdata entries.
>
>> Field validation is bypassed if form action url is used as a GET url
>> --------------------------------------------------------------------
>>
>> Key: TAPESTRY-2547
>> URL: https://issues.apache.org/jira/browse/TAPESTRY-2547
>> Project: Tapestry
>> Issue Type: Bug
>> Components: tapestry-core
>> Affects Versions: 5.0.13
>> Reporter: Francois Armand
>>
>> We have a form, the simpliest one is ok, say this one on "TestPage" page :
>> <t:form>
>> <t:textfield t:id="field" t:validate="required" t:value="value" />
>> <t:submit/>
>> </t:form>
>> This form is supposed to required a a non empty value for value.
>> All goes fine if we click on ok, but if a twisted tester try to enter directly the action url in the browser ( t5app/testpage.form), the field level validation are bypassed (but all form events are throws and so the one done in "onValidateFormFrom" arecorrectly performed).
>> The result is that the form may be successful with inconsistent data, in our case a null value.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org