Slightly off-topic plug... there's no extra work to do JavaScript validation if using Data::FormValidator for your validation.

http://search.cpan.org/~markstos/Data-FormValidator-4.57/
http://developer.berlios.de/projects/formvalidatorjs/

Makes the user experience much better when they don't have to post data to your server just to figure out if they formatted their dates correctly and such.

-- Josh I.

On Feb 8, 2008 10:28 AM, Michael Peters <[EMAIL PROTECTED]> wrote:
>
> Ron Savage wrote:
> > On Wed, 2008-02-06 at 17:16 -0500, Michael Peters wrote:
> >
> > Hi Michael
> >
> >> This is why escaping any data that could potentially come from a user is so
> >> important.
> >
> > Not just escaping. OP should be warned that server code cannot just rely
> > on JavaScript-based validation. Someone might disable JavaScript and
> > submit something nasty. That means the validation should be duplicated
> > on the server too. And yes, that's a PITA.
>
> Very true. In fact, I almost never do JavaScript validation because of this. Why
> duplicate my effort? But, it's important to remember that unless you're allowing
> your users to submit HTML or JS code, validation is not what prevents XSS. It's
> output encoding:
>
> http://www.oreillynet.com/onlamp/blog/2005/10/repeat_after_me_lack_of__outpu.html
>
> --
> Michael Peters
> Developer
> Plus Three, LP
>
> ##### CGI::Application community mailing list ################
> ## ##
> ## To unsubscribe, or change your message delivery options, ##
> ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ##
> ## ##
> ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ##
> ## Wiki: http://cgiapp.erlbaum.net/ ##
> ## ##
> ################################################################
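The two points made in the thread, that the server must validate on its own whether or not the browser ran any JavaScript, and that it is output encoding rather than validation that stops XSS, as an added Perl example. This is not code from the thread or from the Data::FormValidator distribution; it assumes Data::FormValidator is installed from CPAN, and the field names, the `escape_html` and `handle_form` subs and the two submissions at the bottom are made up for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::FormValidator;
use Data::FormValidator::Constraints qw(:closures);

# Server-side profile. This runs on every POST regardless of whether the
# browser executed the generated JavaScript, so a client with JS disabled
# (or a hand-crafted request) is checked exactly the same way.
# Field names and constraints are assumptions for this example.
my $profile = {
    required           => [qw(name start_date)],
    optional           => [qw(email)],
    filters            => ['trim'],
    constraint_methods => {
        email      => email(),                     # closure from D::FV::Constraints
        start_date => qr/^\d{4}-\d{2}-\d{2}\z/,    # ISO date shape only
    },
};

# Output encoding: the defence that actually stops reflected XSS. Applied at
# the point where a value is interpolated into HTML, never at input time.
# (HTML::Entities::encode_entities does the same job; hand-rolled here so the
# example needs nothing beyond Data::FormValidator.)
sub escape_html {
    my ($s) = @_;
    my %map = (
        '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
        '"' => '&quot;', "'" => '&#39;',
    );
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Run-mode style handler: validate first, then render with every user-supplied
# value escaped on the way out.
sub handle_form {
    my ($input) = @_;    # hashref of form params, as CGI->Vars would give you
    my $results = Data::FormValidator->check($input, $profile);

    if ($results->has_missing || $results->has_invalid) {
        my @missing = $results->missing;                 # list context: field names
        my @invalid = sort keys %{ $results->invalid };  # hashref: field => failed constraints
        my @bad     = (sort(@missing), @invalid);
        # These names come from our own profile, but escape anyway: it is cheap
        # and keeps the rule "everything that reaches HTML goes through escape_html".
        return '<p>Please correct: '
             . join(', ', map { escape_html($_) } @bad)
             . "</p>\n";
    }

    my $v = $results->valid;    # hashref of the fields that passed
    return sprintf "<p>Thanks %s, your start date is %s.</p>\n",
        escape_html($v->{name}), escape_html($v->{start_date});
}

# Constructed submissions, as a client with JavaScript disabled could send them.

# 1. Date in the wrong format: rejected on the server even though no JS ran.
print handle_form({ name => 'Ron', start_date => '02/31/2008', email => 'ron@example.com' });

# 2. Well-formed date, but a script payload in a free-text field. Validation
#    passes (as far as the profile knows this is a perfectly good name); only the
#    escaping inside handle_form keeps it from running in the next visitor's browser.
print handle_form({ name => '<script>alert(1)</script>', start_date => '2008-02-08' });
```

The second call is the one to watch: the profile has no reason to reject the name, so the response contains `&lt;script&gt;alert(1)&lt;/script&gt;` purely because `handle_form` escapes on output. Tightening the name constraint instead would only move the problem to the next free-text field.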
