I think this is still the biggest gap in CForms compared to Struts... meaning clientside validation auto generated from the form definition
"Derek Hohls" <[EMAIL PROTECTED]> 04/10/2005 08:34 Please respond to [email protected] To <[email protected]> cc Subject Re: AJAX and Cocoon - Design Patterns Ralph Can you expand a bit on that statement - "you can define a single set of validation criteria that is used to generate whatever validation is performed both client side and server side" Do you mean that you are generating =Javascript= from the CForms definition file/s, to be loaded with the form so that validation can be done in the user's browser before the form is submitted? If so, could you show a small snippet of sample code - if not, could you perhaps explain a little further? Thanks Derek >>> [EMAIL PROTECTED] 2005/10/03 10:04 PM >>> Johannes Textor wrote: >Hi Ralph, > > > >>Johannes, >>If you actually do this you will be creating a website with a big >>security hole. Anyone would be able to send fake requests to your >>server with bogus data. Client side validation is nice - it gives a >>faster response to the user and does take a load off the server as >>only valid requests SHOULD make it to the server. However, the server >>must still also perform data validation as someone could log in and >>then start sending bogus requests to you. >> >> > >I see your point, but the mentioned pipeline resides in a subdirectory >which is protected via the authentication framework. Furthermore, all >requests are checked for integrity and validity before execution (in the >custom actions), to avoid data loss in case that something weird happens >on the client side. So I think this is no less secure than CForms >validation, for example. > >Regards, >Johannes > > > No, it certainly doesn't have to be CForms validation. But it sure is nice when the validation on the client side and on the server side are done using a common set of definitions. By this I mean that you can define a single set of validation criteria that is used to generate whatever validation is performed both client side and server side. So if you have to add a new parameter you can just add it in one place and there is no danger of the client and server getting out of sync. I have found that Cocoon is most helpful in that kind of scenario as you can use a common generator with different transformers. Ralph --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- This message is subject to the CSIR's copyright, terms and conditions and e-mail legal notice. Views expressed herein do not necessarily represent the views of the CSIR. CSIR E-mail Legal Notice http://mail.csir.co.za/CSIR_eMail_Legal_Notice.html CSIR Copyright, Terms and Conditions http://mail.csir.co.za/CSIR_Copyright.html For electronic copies of the CSIR Copyright, Terms and Conditions and the CSIR Legal Notice send a blank message with REQUEST LEGAL in the subject line to [EMAIL PROTECTED] This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks Transtec Computers for their support. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
