|
Field Validation
Just wondered where/how any of you perform field validation for data entry within your forms before I try to re-invent the wheel. Do you just subclass WebInputField and add a validationBlock or some such thing?
Rob Rothwell
_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
Rob Rothwell wrote:
> Just wondered where/how any of you perform field validation for data
> entry within your forms before I try to re-invent the wheel.
> Do you just subclass WebInputField and add a validationBlock or some
> such thing?
This is a possibility, other more usual is to make a validation in an
action method. Note also the error reporting support in WebApplication.
Let me make an approximate example:
actionForm
self entriesValid
ifTrue: [self redirectToView: #confirmation]
ifFalse:
[self error: 'Entries invalid'.
self redirectToView: #form]
viewForm
self add: self errorReport. "empty, of no error, otherwise red text"
"your form here"
--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
Also, it would be nice to enhance field validation and error reporting a
bit. I'm thinking about ajaxified validation immediately after data
entry and immediate error reporting near the field. Non-intrusive and
elegant.
We can do that by extending WebInputField (WebFormElement?) to include a
validation block, which is executed immediately after data entry. We can
also provide convenience methods for some most usual validations like
date, email, numbers etc.
Any more ideas?
Janko
Janko Mivšek wrote:
> Rob Rothwell wrote:
>
>> Just wondered where/how any of you perform field validation for data
>> entry within your forms before I try to re-invent the wheel.
>
>> Do you just subclass WebInputField and add a validationBlock or some
>> such thing?
>
> This is a possibility, other more usual is to make a validation in an
> action method. Note also the error reporting support in WebApplication.
> Let me make an approximate example:
>
> actionForm
>
> self entriesValid
> ifTrue: [self redirectToView: #confirmation]
> ifFalse:
> [self error: 'Entries invalid'.
> self redirectToView: #form]
>
>
> viewForm
>
> self add: self errorReport. "empty, of no error, otherwise red text"
> "your form here"
>
>
>
>
>
>
--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
On Thu, Mar 13, 2008 at 8:33 AM, Janko Mivšek < janko.mivsek@...> wrote:
Also, it would be nice to enhance field validation and error reporting a
bit. I'm thinking about ajaxified validation immediately after data
entry and immediate error reporting near the field. Non-intrusive and
elegant.
We can do that by extending WebInputField (WebFormElement?) to include a
validation block, which is executed immediately after data entry. We can
also provide convenience methods for some most usual validations like
date, email, numbers etc.
Any more ideas?
I guess that was sort of what I was wondering about after playing
around with Magritte in Seaside a bit. It would put the specified
error message right there on the form, but was not "ajaxified" (I don't
think). It just performed the validation rules upon form entry, with
a syntax like:
(StringDescription selector: #email label: 'E-Mail Address')
addCondition: [ :value |
(value matches: '*#@#*.#*')
& (value endsWith: '.ch') ] asCondition
label: 'Invalid E-Mail';
yourself.
You would then send a message like "asComponentOn:" to the "Description" of the object to get a Morphic/Seaside component, ready to add to your form.
I suppose the Magritte framework could be extended to use Aida objects,
if you thought that would be worthwhile. Then you would be describing
your domain with "Meta objects" that "knew" how to display themselves
in Aida. I don't have enough experience to know if the overhead of a Meta-framework is worth it for most applications, though.
Rob
_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
Rob Rothwell wrote:
> Also, it would be nice to enhance field validation and error reporting a
> bit. I'm thinking about ajaxified validation immediately after data
> entry and immediate error reporting near the field. Non-intrusive and
> elegant.
>
> We can do that by extending WebInputField (WebFormElement?) to include a
> validation block, which is executed immediately after data entry. We can
> also provide convenience methods for some most usual validations like
> date, email, numbers etc.
> I guess that was sort of what I was wondering about after playing around
> with Magritte in Seaside a bit. It would put the specified error
> message right there on the form, but was not "ajaxified" (I don't
> think). It just performed the validation rules upon form entry, with a
> syntax like:
>
> (StringDescription selector: #email label: 'E-Mail Address')
> addCondition: [ :value |
> (value matches: '*#@#*.#*')
> & (value endsWith: '.ch') ] asCondition
> label: 'Invalid E-Mail';
> yourself.
>
> You would then send a message like "asComponentOn:" to the "Description"
> of the object to get a Morphic/Seaside component, ready to add to your form.
>
> I suppose the Magritte framework could be extended to use Aida objects,
> if you thought that would be worthwhile. Then you would be describing
> your domain with "Meta objects" that "knew" how to display themselves in
> Aida.
>
> I don't have enough experience to know if the overhead of a
> Meta-framework is worth it for most applications, though.
I also have a similar doubt and for now it would be most user friendly
to extend WebFormElement, so that you'll have a code like:
e addInputFieldAspect: #email
for: self observee
validIf: [:value |
(value matches: '*#@#*.#*') & (value endsWith: '.ch')
errorText: 'Invalid E-Mail'
Maybe method could be named better...
Janko
--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
Look at this JSValidate demo. That's how I see to make the error
reporting of validations most non-intrussible but informative:
http://www.jsvalidate.com/demo/Go to the first field and just tab out to see, how error will be shown.
Janko
Janko Mivšek wrote:
> Rob Rothwell wrote:
>
>> Also, it would be nice to enhance field validation and error reporting a
>> bit. I'm thinking about ajaxified validation immediately after data
>> entry and immediate error reporting near the field. Non-intrusive and
>> elegant.
>>
>> We can do that by extending WebInputField (WebFormElement?) to include a
>> validation block, which is executed immediately after data entry. We can
>> also provide convenience methods for some most usual validations like
>> date, email, numbers etc.
>
>> I guess that was sort of what I was wondering about after playing around
>> with Magritte in Seaside a bit. It would put the specified error
>> message right there on the form, but was not "ajaxified" (I don't
>> think). It just performed the validation rules upon form entry, with a
>> syntax like:
>>
>> (StringDescription selector: #email label: 'E-Mail Address')
>> addCondition: [ :value |
>> (value matches: '*#@#*.#*')
>> & (value endsWith: '.ch') ] asCondition
>> label: 'Invalid E-Mail';
>> yourself.
>>
>> You would then send a message like "asComponentOn:" to the "Description"
>> of the object to get a Morphic/Seaside component, ready to add to your form.
>>
>> I suppose the Magritte framework could be extended to use Aida objects,
>> if you thought that would be worthwhile. Then you would be describing
>> your domain with "Meta objects" that "knew" how to display themselves in
>> Aida.
>>
>> I don't have enough experience to know if the overhead of a
>> Meta-framework is worth it for most applications, though.
>
> I also have a similar doubt and for now it would be most user friendly
> to extend WebFormElement, so that you'll have a code like:
>
> e addInputFieldAspect: #email
> for: self observee
> validIf: [:value |
> (value matches: '*#@#*.#*') & (value endsWith: '.ch')
> errorText: 'Invalid E-Mail'
>
> Maybe method could be named better...
>
>
> Janko
>
>
--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
On Thu, Mar 13, 2008 at 10:12 AM, Janko Mivšek < janko.mivsek@...> wrote:
I also have a similar doubt and for now it would be most user friendly
to extend WebFormElement, so that you'll have a code like:
e addInputFieldAspect: #email
for: self observee
validIf: [:value |
(value matches: '*#@#*.#*') & (value endsWith: '.ch')
errorText: 'Invalid E-Mail'
Maybe method could be named better...
I like how simple Aida is, and while "all you had to do" in Magritte to add a new data element to a form was add it's description on the class side, it was still another layer of abstraction which made it more difficult for me.
Your method above is what I was planning on trying to create to make sure my account numbers had the right number of digits, etc... As for naming methods, I'm still not very good at that myself! Rob
_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
|
|
Re: Field Validation
|
|
Re: Field Validation
Do you mean, for example, that I can make sure in an Ajax client that I have a 7 digit account number, but on the server I have to make sure it actually exists before I start trying to look up information about that account?
So...syntactic validation versus data validation? Rob On Thu, Mar 13, 2008 at 10:44 AM, Nicolas Petton < petton.nicolas@...> wrote:
Ok, all this could be good, but don't you think that it is more
important to validate on the server side ?The risk here is that people
won't validate on server side, and lots of errors could happen.
_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
-- The foolish reject what they see, not what they think; the wise reject what they think, not what they see. -- Huang Po
_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
Some parts of this message have been removed.
Learn more about Nabble's security policy.
I mean that client side validation is dangerous, especially with js code. For example, what if js is disabled on the client web browser? The form will be validated. Try on the website given by Janko, disable js and try it.
This introduces several vulnerabilities. Nico 2008/3/13, Rob Rothwell <r.j.rothwell@...>:
Do you mean, for example, that I can make sure in an Ajax client that I have a 7 digit account number, but on the server I have to make sure it actually exists before I start trying to look up information about that account?
So...syntactic validation versus data validation?
Rob
Ok, all this could be good, but don't you think that it is more
important to validate on the server side ?The risk here is that people
won't validate on server side, and lots of errors could happen.
_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
--
The foolish reject what they see, not what they think; the wise reject what they think, not what they see. -- Huang Po
_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
-- Nicolas Petton http://nico.bioskop.fr
_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
On Thu, 13 Mar 2008 19:28:57 +0100
"nicolas petton" < petton.nicolas@...> wrote:
> I mean that client side validation is dangerous, especially with js code.
> For example, what if js is disabled on the client web browser? The form will
> be validated. Try on the website given by Janko, disable js and try it.
> This introduces several vulnerabilities.
Split responsibilities:
Client side: syntax check
Server side: content check
The content check should not rely on getting valid syntax from the
client. Even if JavaScript is active, you still have to be prepared for
requests generated by some automatism, where client side activity
is usually by-passed.
s.
_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
Le jeudi 13 mars 2008 à 20:23 +0100, Stefan Schmiedl a écrit :
> On Thu, 13 Mar 2008 19:28:57 +0100
> "nicolas petton" < petton.nicolas@...> wrote:
>
> > I mean that client side validation is dangerous, especially with js code.
> > For example, what if js is disabled on the client web browser? The form will
> > be validated. Try on the website given by Janko, disable js and try it.
> > This introduces several vulnerabilities.
>
> Split responsibilities:
> Client side: syntax check
> Server side: content check
Yes, it could be done, but it would complicate a lot. You have to check
twice. I would just improve the current validation form to be better and
simpler, without any javascript addition.
Cheers!
Nico
--
Nicolas Petton
http://nico.bioskop.fr ___
ooooooo
OOOOOOOOO
|Smalltalk|
OOOOOOOOO
ooooooo
\ /
[|]
--------------------------------
Ma clé PGP est disponible ici :
http://nico.bioskop.fr/pgp-key.html _______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
On Thu, 13 Mar 2008 20:58:33 +0100
Nicolas Petton < petton.nicolas@...> wrote:
>
> Le jeudi 13 mars 2008 à 20:23 +0100, Stefan Schmiedl a écrit :
> > On Thu, 13 Mar 2008 19:28:57 +0100
> > "nicolas petton" < petton.nicolas@...> wrote:
> >
> > > I mean that client side validation is dangerous, especially with js code.
> > > For example, what if js is disabled on the client web browser? The form will
> > > be validated. Try on the website given by Janko, disable js and try it.
> > > This introduces several vulnerabilities.
> >
> > Split responsibilities:
> > Client side: syntax check
> > Server side: content check
>
> Yes, it could be done, but it would complicate a lot. You have to check
> twice.
But not the same things. I'd have a 'dumb' syntax-check in
JavaScript and a 'smart' content check in Smalltalk. With this setup I get
*immediate* client-side typo-warnings (no request-response-cycle)
and coherent entries in the application.
Consider a simple address book and a form for doing a reverse lookup
for phone numbers.
Client: "digits only"
Server: "search application model"
s.
_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
>>> I mean that client side validation is dangerous, especially with js code.
>>> For example, what if js is disabled on the client web browser? The form will
>>> be validated. Try on the website given by Janko, disable js and try it.
>>> This introduces several vulnerabilities.
>> Split responsibilities:
>> Client side: syntax check
>> Server side: content check
>
> Yes, it could be done, but it would complicate a lot. You have to check
> twice. I would just improve the current validation form to be better and
> simpler, without any javascript addition.
I also think that validation should be completely done on server side,
but we can use Ajax to have immediate validation, as that it occurred on
client side. And if the user switch-off JS, it will still work. I think
we can we can actually extend WebFormElement to have such hybrid
validation error reporting, real-time if JS is on and after the submit
if JS is off. That last one needs to work always anyway!
Janko
--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
Just to clarify a bit. I provided that example just to show UI part of
story, how to report validation errors, that is. I didn't mean that we
need to use that library, but just the idea how to show errors, simply,
non-intrusivelly.
Janko
Nicolas Petton wrote:
> Le jeudi 13 mars 2008 à 15:21 +0100, Janko Mivšek a écrit :
>> Look at this JSValidate demo. That's how I see to make the error
>> reporting of validations most non-intrussible but informative:
>>
>> http://www.jsvalidate.com/demo/>>
> The release date is a bit old. Does it work with current prototype and
> s.a.u ?
>
> Cheers!
>
> Nico
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Aida mailing list
> Aida@...
> http://lists.aidaweb.si/mailman/listinfo/aida--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
On Fri, 14 Mar 2008 01:30:50 +0100
Janko Mivšek < janko.mivsek@...> wrote:
> I also think that validation should be completely done on server side,
> but we can use Ajax to have immediate validation, as that it occurred on
> client side. And if the user switch-off JS, it will still work.
How will A*J*AX verification work if you switch off the J?
> I think
> we can we can actually extend WebFormElement to have such hybrid
> validation error reporting, real-time if JS is on and after the submit
> if JS is off. That last one needs to work always anyway!
>
Depending on your internet connection and the server load a
request-response-cycle can very well take noticeable time. And this can
happen easily even in the days of broadband connections. Just imagine
sitting in an office sharing a 2 MBit downstream 128kBit upstream
connection with 40 other people just sending and receiving mails.
Under those circumstances, even telnetting to an external machine is a
drag...
s.
_______________________________________________
Aida mailing list
Aida@...
http://lists.aidaweb.si/mailman/listinfo/aida
|
|
Re: Field Validation
|
signature.asc (196 bytes)