http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12473

password fields are not validated using javascript (lengths)

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |UNCONFIRMED
         Resolution|WONTFIX                     |

------- Additional Comments From [EMAIL PROTECTED]  2003-10-06 21:46 -------

If one modifies the JavaScript in validator-rules.xml, then what happens if in Struts 1.2 or a future release, the JavaScript is modified by the default Struts implementation? One is left with the job of merging their changes into the new Struts implementation. I don't think that this is an approach you want developers to take.

You have also not answered one of my main concerns. Struts *is* currently revealing the password length requirements (do a "View Source" and see for yourself - all the error message text which would be displayed on the server side is in the JavaScript that is sent to the browser). If you think it is a poor practice, then the Struts Validator should be modified so that it does not reveal the error message text for password fields. One could also argue that the html:password tag should not be sending the password back in clear text by default.

As it stands now, I do not see why allowing client side validation on password fields would be any more damaging than revealing the field length requirements in the page source and on the server side on validation errors (which occurs in the 1.1 release).