This may be heresy to some folk, but you're probably better off doing this client side, if you are able. The Javascript in Version 4.x and above Netscape (and IE too, I think) has a regular expression engine built in. An re to match all possible valid email addrs could be quite large however: http://enterprise.ic.gc.ca/~jfriedl/regex/email-opt.txt Good luck, Bill -----Original Message----- From: Juergen Specht [mailto:specht@speed-link.de] Sent: Thursday, August 26, 1999 9:35 AM To: Andreas Kostyrka Cc: Zope List Subject: Re: [Zope] Validate fields? Andreas Kostyrka wrote:
how can i validate input fields in Zope? If somebody fills something in a input field and i expect an email-adress, how can i check the right syntax? Well, try this: <dtml-if "'@' in field"> GOOD Email address? </dtml-if> Mhm, but this is only a basic check that there is an @ in it. Everybody can use the following strings: @@ bla@bla @bla@ @
not so good...
I know how to do it in perl with regular expressions but in Well, somebody posted a patch or so to add the regular expression module functionality to the DTML namespace ;) Good idea, volunteers anywhere? :)
Juergen _______________________________________________ Zope maillist - Zope@zope.org http://www.zope.org/mailman/listinfo/zope (To receive general Zope announcements, see: http://www.zope.org/mailman/listinfo/zope-announce For developer-specific issues, zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
Thanx Bill, ScherBi@BAM.com wrote:
This may be heresy to some folk, but you're probably better off doing this client side, if you are able. The Javascript in Version 4.x and above Netscape (and IE too, I think) has a regular expression engine built in. An re to match all possible valid email addrs could be quite large however: http://enterprise.ic.gc.ca/~jfriedl/regex/email-opt.txt ...but my experience says, that you *never* can trust the client side. It is much better to have this on the server-side:
Input <------------------- | | | | V | Validation not ok --> Error Message ok | | V Work with input. Feature Request: Maybe a good idea to have some configurable Functions inside Zope, like: CheckForValidEmailSyntax CheckForNumbersOnly CheckForCharsOnly CheckForCharsandNumbersOnly Normally you don't need much more. Any volunteers? ;) Juergen
From time to time I've thought about building an HtmlFormManager Product. Instances would allow you to specify the fields in your form, including type information, default presentation (input type, CSS class, etc.), validation, error handling, etc.
It could have methods to auto-generate form input tags, a JScript client-side validation function, etc. Adding DTML Methods to it to define alternate forms would be easy. This is in the middle of my Ample Free Time to-do stack. ----- Original Message ----- From: Juergen Specht <specht@speed-link.de>
Input <------------------- | | | | V | Validation not ok --> Error Message ok | | V Work with input.
Feature Request: Maybe a good idea to have some configurable Functions inside Zope, like: CheckForValidEmailSyntax CheckForNumbersOnly CheckForCharsOnly CheckForCharsandNumbersOnly
Evan Simpson wrote:
From time to time I've thought about building an HtmlFormManager Product. Instances would allow you to specify the fields in your form, including type information, default presentation (input type, CSS class, etc.), validation, error handling, etc.
It could have methods to auto-generate form input tags, a JScript client-side validation function, etc. Adding DTML Methods to it to define alternate forms would be easy.
This is in the middle of my Ample Free Time to-do stack.
After I got my XML based authoring system whipped into basic shape, I'm planning to actually work on ZFormulator (or whatever we'll call it). This'll do somethingl ike that, including also SQL statement generation. I expect I'll start with this next month or so. :) (I also got some simplistic prototype ZClass working that does at least server side validation, and I had someone figure out some client side javascript validation, so the pieces are falling into place) Anyway, anyone who wants to help then will be very welcome. :) Regards, Martijn
Martijn Faassen wrote:
I expect I'll start with this next month or so. :) (I also got some simplistic prototype ZClass working that does at least server side validation, and I had someone figure out some client side javascript validation, so the pieces are falling into place)
Trusting what came from the client side is what caused the Hotmail bug, so you have to do validation on the server side even if you checked on the client side. It does save time for the user, since if they enter a malformed email it'll tell them right away without reloading the whole page. -- Itamar - itamars@ibm.net ---------------------------o----------------------------------------------o Perl/Gimp Greeting Cards | Trust? Ha! The US dollar is backed by ICBMs! | http://www.sealingwax.com | --Anonymous Coward, Slashdot |
oops, clearing the outbox. At 04:08 PM 9/2/99 +0300, Itamar Shtull-Trauring wrote:
Martijn Faassen wrote:
I expect I'll start with this next month or so. :) (I also got some simplistic prototype ZClass working that does at least server side validation, and I had someone figure out some client side javascript validation, so the pieces are falling into place)
Trusting what came from the client side is what caused the Hotmail bug,
sort of. that was just a hole the size of, er, something very big.
so you have to do validation on the server side even if you checked on the client side. It does save time for the user, since if they enter a malformed email it'll tell them right away without reloading the whole page.
try downloading a web page in somewhere like china. speeds are terrible. i'd rather be told that i'd forgotten to enter my surname before submitting than have to wait 30 seconds just to find out. in fact, i probably wouldn't bother resubmitting it unless i really needed the product. then again, i'm anal. for 90% of field validation, client-side is sufficient. use your discretion for the rest. as for email validation (which the previous side-thread mentioned), you simply can't do it in real time. sure, you can check with regexp but what stops me writing an imaginary email address ? yes, you can send them an email but what if their email server is temporarily off line ? you'll get a negative result but the mail will reach them a few hours later if their server goes online again. btw, some people mentioned using regexp in javascript - be aware that only 4.x+ browsers support JS regexp (i still get 10% of visitors using lesser browsers, including the perenially crap msie3) There are a set of validation scripts that do all form validation - i call it the monster form validation script. Originally from netscape. I've put it up at : http://www.skinnyhippo.com/chas/javascript/ I mention this because client-side validation CAN be powerful if you know what you're doing. I've seen scary amounts of production code testing for a null value with if(document.form.field.value=="") - oh oh, what happens if it's a <CR> in a textarea or a space or tab ? See isWhitespace() in the monster validation script for the correct function. it would be not too complex to build a python class or zclass to generate this javascript as well as generate the HTML form tags. (in fact, i've put a basic class that does the latter at www.skinnyhippo.com/chas/python - it's probably grade E python b/c i'm off my head half the time i write code - but you can see how creating something similar to formitem.py and adding the Javascript would be trivial). integrating with zope and rewriting as a zclass (so that we don't have to write <INPUT.... blah> tags for the rest of our lives) will be fun/interesting and something I'll do (along with putting all my other python modules online), when i either get free cycles or sell out for a disgustingly large sum of money. ok, that's all for now. back to zope :) chas
ScherBi@BAM.com wrote:
This may be heresy to some folk, but you're probably better off doing this client side, if you are able. The Javascript in Version 4.x and above Netscape (and IE too, I think) has a regular expression engine built in. An re to match all possible valid email addrs could be quite large however: http://enterprise.ic.gc.ca/~jfriedl/regex/email-opt.txt
Or an External Method that verifies against the correct SMTP server that the email exists . An amazing amount of our gretting cards bounce due to bad email addresses. -- Itamar - itamars@ibm.net ---------------------------o----------------------------------------------o Perl/Gimp Greeting Cards | Trust? Ha! The US dollar is backed by ICBMs! | http://www.sealingwax.com | --Anonymous Coward, Slashdot |
"Itamar S.-T." wrote:
ScherBi@BAM.com wrote:
This may be heresy to some folk, but you're probably better off doing this client side, if you are able. The Javascript in Version 4.x and above Netscape (and IE too, I think) has a regular expression engine built in. An re to match all possible valid email addrs could be quite large however: http://enterprise.ic.gc.ca/~jfriedl/regex/email-opt.txt
Or an External Method that verifies against the correct SMTP server that the email exists . An amazing amount of our gretting cards bounce due to bad email addresses.
Forget this...the most SMTP-Servers did not allow the VRFY-Command anymore, because of security reasons. And this check can take a long time... Juergen
participants (7)
-
chas -
Evan Simpson -
Itamar S.-T. -
Itamar Shtull-Trauring
-
Juergen Specht -
Martijn Faassen -
ScherBi@BAM.com