sbp commented on issue #287: URL: https://github.com/apache/tooling-trusted-releases/issues/287#issuecomment-3491590963
Our Quart to Pydantic adapter would be part of a larger system. We want to ensure that validation always occurs, and we want to ensure that errors are always presented to the user with good UI. We want syntactic form errors to be handled automatically by virtue of the existence of the form class validators (including basic types), but we may need to perform business logic after other stages of computation, so we need to be able to perform additional validation in route handler functions with the same good UI guarantees. One potential solution is that we serialise errors as JSON in a flash message with a `form-errors` category. We can then extract the relevant messages on their original pages. But how do we know what the original page is? Much like CSRF protection, we could add an extra automatic field to every page which registers the original URL of the submitting page. We should call this field the `error_report_url` or something along those lines, because we may want to set a custom value in some cases where we must not return to the original form even in case of errors. We should use HTML in the flash message strings, so we should ensure that it can only be constructed with markup safe wrappers. The Quart to Pydantic adapter itself can probably go in the existing `forms.py` module. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
