[snip]

if you feel comfortable typing in struts validations in each and every form class of each and every application, who can stop you? And you are also quite free to edit each and every one of them should you want to add a new kind of check to your forms.

Even if you choose to use the struts-config approach, you are equally free to edit each and every validator expression for each <form...> in all struts-config files.

From your comments above, it seems that you think that creating a form class that extends SafeValidatorForm and sets the properties you have devised is easier than using the built-in struts validations, and I don't see that. I think perhaps my extensive use of dynaforms is clouding me on this.


If you came up with a solution that didn't require me to define per form (and even per field in a form) the validation that needed to be done, I might get on board with you.


I still do not understand how null-character validation can be done via the validator. Even if that was possible, ...

I'm not entirely sure, but I think it would be based on defining the character using character codes such as \u0000 for null. For example, in my imaginary world where I had free time, I would write a custom validator called invalidCharacter that would take 2 variables, a delimiter and a list of invalid characters (separated by the delimiter). Something like:


<form name="formymcgee">
        <field property="field1" depends="required,invalidCharacter">
                <arg0 key="label.field1Name" />
                <var>
                        <var-name>delimiter</var-name>
                        <var-value>,</var-value>
                </var>
                <var>
                        <var-name>invalidCharacters</var-name>
                        <var-value>\u0000,\u003E,\u003C,|</var-value>
                </var>
        </field>
</form>

Like I said, I don't have all the details worked out or even know if this is possible, but I'm pretty sure the answer is through character codes.

Getting a javascript validator worked out for it might be harder, but still do-able I think.



...., all such validation dumps control back to the JSP with the invalid hacker input values (that's a no-no -- check out Cross-site Scripting hacker attacks).

It looks like David Friedman has pointed out that this is an invalid criticism of validator, otherwise I would have looked into it :)




Basically from the little response I got, I figure that people haven't had to add at least some amount of antihacker security to their applications. This was my first external site -- all my life I only did intranet apps. Optimistically thought I would find people who have been through something similar with Struts.


I agree with you that I haven't had to add anti-hacker security to struts - but not because I don't worry about preventing hackers as you seem to be implying. So far the built in struts and validator features have been enough to make my basic tests for attacks work.

I highly doubt this will always be the case, which is why I was interested in your proposal...I just don't find it to contain anything beyond what struts can already do (or at least making what struts can currently do easier, as I would even say your proposal makes it harder for this dynavalidatorform user), which is why I asked you to expand on it.



Matt
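
The checking logic that the imagined invalidCharacter validator in the message above would need, as an added example that is not part of the original post and is not Struts code. The class and method names are assumptions, and wiring into the Validator framework is left out. An XML parser passes a backslash-u sequence through as six ordinary characters, so the code decodes it itself.

```java
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

// Added illustration (hypothetical names); plain Java, no Struts classes.
public class InvalidCharacterCheck {

    // One list entry is a single literal character or a backslash-u escape
    // with four hex digits. The XML parser passes the escape through as six
    // ordinary characters, so it is decoded here.
    static char decode(String token) {
        if (token.length() == 1) {
            return token.charAt(0);
        }
        if (token.length() == 6 && token.startsWith("\\u")) {
            return (char) Integer.parseInt(token.substring(2), 16);
        }
        throw new IllegalArgumentException("bad invalidCharacters entry: " + token);
    }

    // Build the forbidden set from the two <var> values of the field.
    static Set<Character> parse(String invalidCharacters, String delimiter) {
        Set<Character> forbidden = new HashSet<>();
        // Pattern.quote: the delimiter is data, not a regular expression.
        for (String token : invalidCharacters.split(Pattern.quote(delimiter))) {
            forbidden.add(decode(token));
        }
        return forbidden;
    }

    // Index of the first forbidden character, or -1 if the value is clean.
    static int firstInvalid(String value, Set<Character> forbidden) {
        for (int i = 0; i < value.length(); i++) {
            if (forbidden.contains(value.charAt(i))) {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        // Var values as written in the XML above; the samples are constructed.
        Set<Character> forbidden = parse("\\u0000,\\u003E,\\u003C,|", ",");
        String[] samples = { "plain text", "a<b", "abc" + (char) 0 + "def", "x|y" };
        for (String s : samples) {
            System.out.println(firstInvalid(s, forbidden));
        }
    }
}
```

A malformed list entry fails at configuration-parse time with an exception rather than silently allowing the character through.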
