RE: [WSG] Form Builder
Title: Form Builder Hi Erwin I see no issues with client side form validation and web standards, some validation should always be in place when accepting user input. This can either be done on the server (which requires a postback event to be triggered which means at least one round trip to the server before the input is accepted. On a busy site this would be expensive on resources. Hence, the optimum solution is the have the client browser perform validation BEFORE submission to the server. The has no impact on the standards applied to the site other than the fact that any user feedback (x)html that is generated from the _javascript_ should be in a w3c standard for the doctype. From a security standpoint always validate user input from an untrusted source to prevent any client side injection attacks. Personally I would rather develop the validation tools and forms myself. As I use .net this is a snip (especially in the beta of asp.net 2.0 as the markup generated here is xhtml compliant). It will be interesting to see what others in the group come back with. HTH Peter Goddard From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erwin HeiserSent: 20 July 2005 13:06To: wsg@webstandardsgroup.orgSubject: [WSG] Form Builder Hi all,I stumbled across this Formbuilder application this morning:http://www.formassembly.com/Has anyone here ever used it on a site?They claim to produce valid forms but most of the example forms do not pass the W3C validator.And where does the group stand on client-side (_javascript_) form validation?Thanks,Erwin Heiser --No virus found in this incoming message.Checked by AVG Anti-Virus.Version: 7.0.323 / Virus Database: 267.9.2/52 - Release Date: 7/19/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.9.2/52 - Release Date: 7/19/2005
Re: [WSG] Form Builder
Peter Goddard wrote: Hence, the optimum solution is the have the client browser perform validation BEFORE submission to the server. From a security standpoint always validate user input from an untrusted source to prevent any client side injection attacks. Not just security: some users may have javascript disabled, or completely unavailable. Client side validation is a nice usability enhancement when it works, but should *always* be backed up by server side validation. -- Patrick H. Lauke __ re·dux (adj.): brought back; returned. used postpositively [latin : re-, re- + dux, leader; see duke.] www.splintered.co.uk | www.photographia.co.uk http://redux.deviantart.com __ Web Standards Project (WaSP) Accessibility Task Force http://webstandards.org/ __ ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **