Thanks! Actually, we ended up creating our own custom JavaScript methods called "validatePasswordMinLength" and "validatePasswordMaxLength" and placed them in our own "abc-validator-rules.xml" file. These two functions only work on password fields. We placed these new functions in our own file because we didn't want modify the default "validator-rules.xml" file. This will shield us from having to make changes each time the default rules file is updated due to a new Struts release. If the password fields are eventually added to the "validateMinlength" and "validateMaxLenth" functions, as I think they should be, then we'll simply deprecate our password specific functions.
John (and Vip) -----Original Message----- From: bachan s [mailto:bachan_anand@;yahoo.com] Sent: Thursday, October 24, 2002 4:04 PM To: Struts Users Mailing List Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: RE: JavaScript Validation: MinLength & MaxLength Functions Don't Work Hi, If you have noticed the validation would stil occur at the back end (java part). If you want password also to be validated at front end change you validator-rules.xml - javascript function validateMinLength to the following code . <javascript><![CDATA[ function validateMinLength(form) { var bValid = true; var focusField = null; var i = 0; var fields = new Array(); oMinLength = new minlength(); for (x in oMinLength) { if (form[oMinLength[x][0]].type == 'text' || form[oMinLength[x][0]].type == 'password' || form[oMinLength[x][0]].type == 'textarea') { var iMin = parseInt(oMinLength[x][2]("minlength")); if (!(form[oMinLength[x][0]].value.length >= iMin)) { if (i == 0) { focusField = form[oMinLength[x][0]]; } fields[i++] = oMinLength[x][1]; bValid = false; } } } if (fields.length > 0) { focusField.focus(); alert(fields.join('\n')); } return bValid; }]]> </javascript> This should work fine.Let me know. Bachan "Nekkalapudi, Viplava" <[EMAIL PROTECTED]> wrote:It looks like the min/max length JavaScript functions do NOT work on HTML "password" fields. We just verified this. I totally agree with "Hajratwala". Struts should not impose this limitation on the developers. It is the developers responsibility to control the amount of security-related information returned to a user, not Struts. I go to websites all the time where I get a message specifying the size limits for a password. Does anyone know where the logic is implemented for ignoring the max/min check on a password? Do others agree that Struts is outside it boundaries by doing this? If so, maybe my team can submit a patch. John Hohlen (and Viplava Nekkaplapudi) -----Original Message----- From: Hajratwala, Nayan (N.) [mailto:nhajratw@;ford.com] Sent: Thursday, October 24, 2002 3:15 PM To: 'Struts Users Mailing List' Subject: RE: JavaScript Validation: MinLength & MaxLength Functions Don't Work interesting ... sorry if this has been discussed to death already. If so, i'll shut up. =) Shouldn't the decision of displaying the validation be up to the application developer? For example, when changing a password, you would have a spot to enter old & new passwords, but would likely want to put some validation around the new one (min 6 characters, etc). What would be wrong with displaying that info to the user? --- - Nayan Hajratwala - Chikli Consulting LLC - http://www.chikli.com -----Original Message----- From: Dave Derry [mailto:dderry@;acm.org] Sent: Thursday, October 24, 2002 4:14 PM To: Struts Users Mailing List Subject: Re: JavaScript Validation: MinLength & MaxLength Functions Don't Work This has been explained before. I think it was by Ted. The reason has to do with security. Specifying bouinds on the length of a password limits the universe of potential passwords that a cracker would need to test. And of course if he/she saw a message saying "Password must be between 6 and 30 characters in length" that would provide that information. Dave Derry ----- Original Message ----- From: "bachan s" > > Can you try removing the required from the depends for password and give minlength and maxlength. Since minLength is mentioned required is not necesary. > Try it and let ue know. > this may be considered as a bug in struts too. > Thanks ! > Bachan > > "Nekkalapudi, Viplava" wrote: My team can't get the Struts client-side (i.e. JavaScript) validation > framework to work. We want to ensure that a password is between 6 and 30 > characters. Has anyone been able to get these checks to work? The "required" > field check works, but the "minlength" and "maxlength" do not. Here's what > our validation.xml file contains: > > > depends="required"> > > > depends="required,minlength,maxlength"> > > > > > > minlength > 6 > > > maxlength > 30 > > > > > Thanks, > > JOHN > -- To unsubscribe, e-mail: For additional commands, e-mail: -- To unsubscribe, e-mail: For additional commands, e-mail: -- To unsubscribe, e-mail: For additional commands, e-mail: --------------------------------- Do you Yahoo!? Y! Web Hosting - Let the expert host your web site -- To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org>