Just wondered where/how any of you perform field validation for data entry within your forms before I try to re-invent the wheel.
Do you just subclass WebInputField and add a validationBlock or some such thing? Rob Rothwell _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
Rob Rothwell wrote:
> Just wondered where/how any of you perform field validation for data > entry within your forms before I try to re-invent the wheel. > Do you just subclass WebInputField and add a validationBlock or some > such thing? This is a possibility, other more usual is to make a validation in an action method. Note also the error reporting support in WebApplication. Let me make an approximate example: actionForm self entriesValid ifTrue: [self redirectToView: #confirmation] ifFalse: [self error: 'Entries invalid'. self redirectToView: #form] viewForm self add: self errorReport. "empty, of no error, otherwise red text" "your form here" -- Janko Mivšek AIDA/Web Smalltalk Web Application Server http://www.aidaweb.si _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
Also, it would be nice to enhance field validation and error reporting a
bit. I'm thinking about ajaxified validation immediately after data entry and immediate error reporting near the field. Non-intrusive and elegant. We can do that by extending WebInputField (WebFormElement?) to include a validation block, which is executed immediately after data entry. We can also provide convenience methods for some most usual validations like date, email, numbers etc. Any more ideas? Janko Janko Mivšek wrote: > Rob Rothwell wrote: > >> Just wondered where/how any of you perform field validation for data >> entry within your forms before I try to re-invent the wheel. > >> Do you just subclass WebInputField and add a validationBlock or some >> such thing? > > This is a possibility, other more usual is to make a validation in an > action method. Note also the error reporting support in WebApplication. > Let me make an approximate example: > > actionForm > > self entriesValid > ifTrue: [self redirectToView: #confirmation] > ifFalse: > [self error: 'Entries invalid'. > self redirectToView: #form] > > > viewForm > > self add: self errorReport. "empty, of no error, otherwise red text" > "your form here" > > > > > > -- Janko Mivšek AIDA/Web Smalltalk Web Application Server http://www.aidaweb.si _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
On Thu, Mar 13, 2008 at 8:33 AM, Janko Mivšek <[hidden email]> wrote:
Also, it would be nice to enhance field validation and error reporting a I guess that was sort of what I was wondering about after playing around with Magritte in Seaside a bit. It would put the specified error message right there on the form, but was not "ajaxified" (I don't think). It just performed the validation rules upon form entry, with a syntax like: (StringDescription selector: #email label: 'E-Mail Address') addCondition: [ :value | (value matches: '*#@#*.#*') & (value endsWith: '.ch') ] asCondition label: 'Invalid E-Mail'; yourself. You would then send a message like "asComponentOn:" to the "Description" of the object to get a Morphic/Seaside component, ready to add to your form. I suppose the Magritte framework could be extended to use Aida objects, if you thought that would be worthwhile. Then you would be describing your domain with "Meta objects" that "knew" how to display themselves in Aida. I don't have enough experience to know if the overhead of a Meta-framework is worth it for most applications, though. Rob _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
Rob Rothwell wrote:
> Also, it would be nice to enhance field validation and error reporting a > bit. I'm thinking about ajaxified validation immediately after data > entry and immediate error reporting near the field. Non-intrusive and > elegant. > > We can do that by extending WebInputField (WebFormElement?) to include a > validation block, which is executed immediately after data entry. We can > also provide convenience methods for some most usual validations like > date, email, numbers etc. > I guess that was sort of what I was wondering about after playing around > with Magritte in Seaside a bit. It would put the specified error > message right there on the form, but was not "ajaxified" (I don't > think). It just performed the validation rules upon form entry, with a > syntax like: > > (StringDescription selector: #email label: 'E-Mail Address') > addCondition: [ :value | > (value matches: '*#@#*.#*') > & (value endsWith: '.ch') ] asCondition > label: 'Invalid E-Mail'; > yourself. > > You would then send a message like "asComponentOn:" to the "Description" > of the object to get a Morphic/Seaside component, ready to add to your form. > > I suppose the Magritte framework could be extended to use Aida objects, > if you thought that would be worthwhile. Then you would be describing > your domain with "Meta objects" that "knew" how to display themselves in > Aida. > > I don't have enough experience to know if the overhead of a > Meta-framework is worth it for most applications, though. I also have a similar doubt and for now it would be most user friendly to extend WebFormElement, so that you'll have a code like: e addInputFieldAspect: #email for: self observee validIf: [:value | (value matches: '*#@#*.#*') & (value endsWith: '.ch') errorText: 'Invalid E-Mail' Maybe method could be named better... Janko -- Janko Mivšek AIDA/Web Smalltalk Web Application Server http://www.aidaweb.si _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
Look at this JSValidate demo. That's how I see to make the error
reporting of validations most non-intrussible but informative: http://www.jsvalidate.com/demo/ Go to the first field and just tab out to see, how error will be shown. Janko Janko Mivšek wrote: > Rob Rothwell wrote: > >> Also, it would be nice to enhance field validation and error reporting a >> bit. I'm thinking about ajaxified validation immediately after data >> entry and immediate error reporting near the field. Non-intrusive and >> elegant. >> >> We can do that by extending WebInputField (WebFormElement?) to include a >> validation block, which is executed immediately after data entry. We can >> also provide convenience methods for some most usual validations like >> date, email, numbers etc. > >> I guess that was sort of what I was wondering about after playing around >> with Magritte in Seaside a bit. It would put the specified error >> message right there on the form, but was not "ajaxified" (I don't >> think). It just performed the validation rules upon form entry, with a >> syntax like: >> >> (StringDescription selector: #email label: 'E-Mail Address') >> addCondition: [ :value | >> (value matches: '*#@#*.#*') >> & (value endsWith: '.ch') ] asCondition >> label: 'Invalid E-Mail'; >> yourself. >> >> You would then send a message like "asComponentOn:" to the "Description" >> of the object to get a Morphic/Seaside component, ready to add to your form. >> >> I suppose the Magritte framework could be extended to use Aida objects, >> if you thought that would be worthwhile. Then you would be describing >> your domain with "Meta objects" that "knew" how to display themselves in >> Aida. >> >> I don't have enough experience to know if the overhead of a >> Meta-framework is worth it for most applications, though. > > I also have a similar doubt and for now it would be most user friendly > to extend WebFormElement, so that you'll have a code like: > > e addInputFieldAspect: #email > for: self observee > validIf: [:value | > (value matches: '*#@#*.#*') & (value endsWith: '.ch') > errorText: 'Invalid E-Mail' > > Maybe method could be named better... > > > Janko > > -- Janko Mivšek AIDA/Web Smalltalk Web Application Server http://www.aidaweb.si _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
In reply to this post by Janko Mivšek
On Thu, Mar 13, 2008 at 10:12 AM, Janko Mivšek <[hidden email]> wrote:
I also have a similar doubt and for now it would be most user friendly I like how simple Aida is, and while "all you had to do" in Magritte to add a new data element to a form was add it's description on the class side, it was still another layer of abstraction which made it more difficult for me. Your method above is what I was planning on trying to create to make sure my account numbers had the right number of digits, etc... As for naming methods, I'm still not very good at that myself! Rob _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
In reply to this post by Janko Mivšek
Le jeudi 13 mars 2008 à 15:21 +0100, Janko Mivšek a écrit : > Look at this JSValidate demo. That's how I see to make the error > reporting of validations most non-intrussible but informative: > > http://www.jsvalidate.com/demo/ > The release date is a bit old. Does it work with current prototype and s.a.u ? Cheers! Nico -- Nicolas Petton http://nico.bioskop.fr ___ ooooooo OOOOOOOOO |Smalltalk| OOOOOOOOO ooooooo \ / [|] -------------------------------- Ma clé PGP est disponible ici : http://nico.bioskop.fr/pgp-key.html _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida signature.asc (196 bytes) Download Attachment |
In reply to this post by Janko Mivšek
Ok, all this could be good, but don't you think that it is more
important to validate on the server side ?The risk here is that people won't validate on server side, and lots of errors could happen. Nico -- Nicolas Petton http://nico.bioskop.fr ___ ooooooo OOOOOOOOO |Smalltalk| OOOOOOOOO ooooooo \ / [|] -------------------------------- Ma clé PGP est disponible ici : http://nico.bioskop.fr/pgp-key.html _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida signature.asc (196 bytes) Download Attachment |
Do you mean, for example, that I can make sure in an Ajax client that I have a 7 digit account number, but on the server I have to make sure it actually exists before I start trying to look up information about that account?
So...syntactic validation versus data validation? Rob On Thu, Mar 13, 2008 at 10:44 AM, Nicolas Petton <[hidden email]> wrote: Ok, all this could be good, but don't you think that it is more -- The foolish reject what they see, not what they think; the wise reject what they think, not what they see. -- Huang Po _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
I mean that client side validation is dangerous, especially with js code. For example, what if js is disabled on the client web browser? The form will be validated. Try on the website given by Janko, disable js and try it.
This introduces several vulnerabilities. Nico 2008/3/13, Rob Rothwell <[hidden email]>: Do you mean, for example, that I can make sure in an Ajax client that I have a 7 digit account number, but on the server I have to make sure it actually exists before I start trying to look up information about that account? -- Nicolas Petton http://nico.bioskop.fr _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
On Thu, 13 Mar 2008 19:28:57 +0100
"nicolas petton" <[hidden email]> wrote: > I mean that client side validation is dangerous, especially with js code. > For example, what if js is disabled on the client web browser? The form will > be validated. Try on the website given by Janko, disable js and try it. > This introduces several vulnerabilities. Split responsibilities: Client side: syntax check Server side: content check The content check should not rely on getting valid syntax from the client. Even if JavaScript is active, you still have to be prepared for requests generated by some automatism, where client side activity is usually by-passed. s. _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
Le jeudi 13 mars 2008 à 20:23 +0100, Stefan Schmiedl a écrit : > On Thu, 13 Mar 2008 19:28:57 +0100 > "nicolas petton" <[hidden email]> wrote: > > > I mean that client side validation is dangerous, especially with js code. > > For example, what if js is disabled on the client web browser? The form will > > be validated. Try on the website given by Janko, disable js and try it. > > This introduces several vulnerabilities. > > Split responsibilities: > Client side: syntax check > Server side: content check twice. I would just improve the current validation form to be better and simpler, without any javascript addition. Cheers! Nico -- Nicolas Petton http://nico.bioskop.fr ___ ooooooo OOOOOOOOO |Smalltalk| OOOOOOOOO ooooooo \ / [|] -------------------------------- Ma clé PGP est disponible ici : http://nico.bioskop.fr/pgp-key.html _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida signature.asc (196 bytes) Download Attachment |
On Thu, 13 Mar 2008 20:58:33 +0100
Nicolas Petton <[hidden email]> wrote: > > Le jeudi 13 mars 2008 à 20:23 +0100, Stefan Schmiedl a écrit : > > On Thu, 13 Mar 2008 19:28:57 +0100 > > "nicolas petton" <[hidden email]> wrote: > > > > > I mean that client side validation is dangerous, especially with js code. > > > For example, what if js is disabled on the client web browser? The form will > > > be validated. Try on the website given by Janko, disable js and try it. > > > This introduces several vulnerabilities. > > > > Split responsibilities: > > Client side: syntax check > > Server side: content check > > Yes, it could be done, but it would complicate a lot. You have to check > twice. But not the same things. I'd have a 'dumb' syntax-check in JavaScript and a 'smart' content check in Smalltalk. With this setup I get *immediate* client-side typo-warnings (no request-response-cycle) and coherent entries in the application. Consider a simple address book and a form for doing a reverse lookup for phone numbers. Client: "digits only" Server: "search application model" s. _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
In reply to this post by Nicolas Petton
>>> I mean that client side validation is dangerous, especially with js code.
>>> For example, what if js is disabled on the client web browser? The form will >>> be validated. Try on the website given by Janko, disable js and try it. >>> This introduces several vulnerabilities. >> Split responsibilities: >> Client side: syntax check >> Server side: content check > > Yes, it could be done, but it would complicate a lot. You have to check > twice. I would just improve the current validation form to be better and > simpler, without any javascript addition. I also think that validation should be completely done on server side, but we can use Ajax to have immediate validation, as that it occurred on client side. And if the user switch-off JS, it will still work. I think we can we can actually extend WebFormElement to have such hybrid validation error reporting, real-time if JS is on and after the submit if JS is off. That last one needs to work always anyway! Janko -- Janko Mivšek AIDA/Web Smalltalk Web Application Server http://www.aidaweb.si _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
In reply to this post by Nicolas Petton
Just to clarify a bit. I provided that example just to show UI part of
story, how to report validation errors, that is. I didn't mean that we need to use that library, but just the idea how to show errors, simply, non-intrusivelly. Janko Nicolas Petton wrote: > Le jeudi 13 mars 2008 à 15:21 +0100, Janko Mivšek a écrit : >> Look at this JSValidate demo. That's how I see to make the error >> reporting of validations most non-intrussible but informative: >> >> http://www.jsvalidate.com/demo/ >> > The release date is a bit old. Does it work with current prototype and > s.a.u ? > > Cheers! > > Nico > > > ------------------------------------------------------------------------ > > _______________________________________________ > Aida mailing list > [hidden email] > http://lists.aidaweb.si/mailman/listinfo/aida -- Janko Mivšek AIDA/Web Smalltalk Web Application Server http://www.aidaweb.si _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
In reply to this post by Janko Mivšek
On Fri, 14 Mar 2008 01:30:50 +0100
Janko Mivšek <[hidden email]> wrote: > I also think that validation should be completely done on server side, > but we can use Ajax to have immediate validation, as that it occurred on > client side. And if the user switch-off JS, it will still work. How will A*J*AX verification work if you switch off the J? > I think > we can we can actually extend WebFormElement to have such hybrid > validation error reporting, real-time if JS is on and after the submit > if JS is off. That last one needs to work always anyway! > Depending on your internet connection and the server load a request-response-cycle can very well take noticeable time. And this can happen easily even in the days of broadband connections. Just imagine sitting in an office sharing a 2 MBit downstream 128kBit upstream connection with 40 other people just sending and receiving mails. Under those circumstances, even telnetting to an external machine is a drag... s. _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
In reply to this post by Janko Mivšek
Hi, Janko et All,
For what I know about doing WEB applications, surely you cannot rely on client validation done on Javascript. But, on the other side, you cannot avoid to do validation on the client, because I wouldn't like (as of today) to fill up a form, post its data and only then have back an error message telling me that a date couldn't have the months 13. So, double check is quite the standard. An Ajax solution, having a response time close to a javascript one, is today probably the best solution for validation (syntactic), because you can write validation logic on the server using Smalltalk, not javascript. In any case (Javascript or Ajax) , I will suggest to do also a complete validation after the final post (or after the final post equivalent), validating both syntax and semantic. This is because on the WEB you cannot think to be sure about what you get. Obviously this depend from the kind of application you use (data sensibility) , and the user you target. I usually, when developing intranet applications (web based replica of standard client/server app), avoid to double check the syntax, but I'm inside a firewall, with a selected kind of users customers. On the web I'll surely check twice. just my 2 cents Ciao Giorgio On Fri, Mar 14, 2008 at 1:30 AM, Janko Mivšek <[hidden email]> wrote:
_______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
In reply to this post by Stefan Schmiedl
Hi Stefan,
Stefan Schmiedl wrote: >> I also think that validation should be completely done on server side, >> but we can use Ajax to have immediate validation, as that it occurred on >> client side. And if the user switch-off JS, it will still work. > > How will A*J*AX verification work if you switch off the J? Then validation will nicely downgrade to one after form submittion. That one needs always to be done in any case. So the only difference without JS is that you don't have a real-time validation, that is showing an error immediately after data is entered in field. > Depending on your internet connection and the server load a > request-response-cycle can very well take noticeable time. And this can > happen easily even in the days of broadband connections. Just imagine > sitting in an office sharing a 2 MBit downstream 128kBit upstream > connection with 40 other people just sending and receiving mails. > Under those circumstances, even telnetting to an external machine is a > drag... I don't have a feeling that Ajax is slow over the internet, at least not here in Slovenia. As you know I host a lot of customers on my server and those web apps are pretty heavy Ajaxified, but I didn't hear a complaint of slowness yet. JAnko -- Janko Mivšek AIDA/Web Smalltalk Web Application Server http://www.aidaweb.si _______________________________________________ Aida mailing list [hidden email] http://lists.aidaweb.si/mailman/listinfo/aida |
Free forum by Nabble | Edit this page |