[Zope] sequence / int handling (DTML)
Dieter Maurer
dieter@handshake.de
Sat, 28 Jun 2003 19:32:51 +0200
Dylan Reinhardt wrote at 2003-6-27 11:28 -0700:
> Dieter's right, of course, but that's not the whole story.
> ....
> IMO, any serious web app should be validating *everything* clients send
> before any action is taken on it.
I like web app's to view through the "Design by Contract" principle (like
almost any other software).
A web app fullfils a contract:
When you (client) send me an URL of a given form, I will send back
a response with some given properties.
When the client does not fulfill its part of the deal (use
the given form), the web app may do whatever it likes (though
it should not damage itself or its data; thus, some security checks
are needed).
> Assuming you're *doing* validation,
> the suffix trick is of dubious value... if you're not doing validation,
> you probably should be. Really, that doesn't leave a lot of useful
> problem space for the suffix trick to cover.
It makes validation a bit easier. You know immediately, that anything
which is not a list is bogus...
Dieter