oops, clearing the outbox. At 04:08 PM 9/2/99 +0300, Itamar Shtull-Trauring wrote:
Martijn Faassen wrote:
I expect I'll start with this next month or so. :) (I also got some simplistic prototype ZClass working that does at least server side validation, and I had someone figure out some client side javascript validation, so the pieces are falling into place)
Trusting what came from the client side is what caused the Hotmail bug,
sort of. that was just a hole the size of, er, something very big.
so you have to do validation on the server side even if you checked on the client side. It does save time for the user, since if they enter a malformed email it'll tell them right away without reloading the whole page.
try downloading a web page in somewhere like china. speeds are terrible. i'd rather be told that i'd forgotten to enter my surname before submitting than have to wait 30 seconds just to find out. in fact, i probably wouldn't bother resubmitting it unless i really needed the product. then again, i'm anal. for 90% of field validation, client-side is sufficient. use your discretion for the rest. as for email validation (which the previous side-thread mentioned), you simply can't do it in real time. sure, you can check with regexp but what stops me writing an imaginary email address ? yes, you can send them an email but what if their email server is temporarily off line ? you'll get a negative result but the mail will reach them a few hours later if their server goes online again. btw, some people mentioned using regexp in javascript - be aware that only 4.x+ browsers support JS regexp (i still get 10% of visitors using lesser browsers, including the perenially crap msie3) There are a set of validation scripts that do all form validation - i call it the monster form validation script. Originally from netscape. I've put it up at : http://www.skinnyhippo.com/chas/javascript/ I mention this because client-side validation CAN be powerful if you know what you're doing. I've seen scary amounts of production code testing for a null value with if(document.form.field.value=="") - oh oh, what happens if it's a <CR> in a textarea or a space or tab ? See isWhitespace() in the monster validation script for the correct function. it would be not too complex to build a python class or zclass to generate this javascript as well as generate the HTML form tags. (in fact, i've put a basic class that does the latter at www.skinnyhippo.com/chas/python - it's probably grade E python b/c i'm off my head half the time i write code - but you can see how creating something similar to formitem.py and adding the Javascript would be trivial). integrating with zope and rewriting as a zclass (so that we don't have to write <INPUT.... blah> tags for the rest of our lives) will be fun/interesting and something I'll do (along with putting all my other python modules online), when i either get free cycles or sell out for a disgustingly large sum of money. ok, that's all for now. back to zope :) chas