Smalltalk › Frameworks & Tools › AIDA/Web

Field Validation

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

19 messages Options

Rob Rothwell

Field Validation

Just wondered where/how any of you perform field validation for data entry within your forms before I try to re-invent the wheel.

Do you just subclass WebInputField and add a validationBlock or some such thing?

Rob Rothwell

_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Janko Mivšek

Re: Field Validation

Rob Rothwell wrote:

> Just wondered where/how any of you perform field validation for data
> entry within your forms before I try to re-invent the wheel.

> Do you just subclass WebInputField and add a validationBlock or some
> such thing?

This is a possibility, other more usual is to make a validation in an
action method. Note also the error reporting support in WebApplication.
Let me make an approximate example:

actionForm

self entriesValid
ifTrue: [self redirectToView: #confirmation]
ifFalse:
[self error: 'Entries invalid'.
self redirectToView: #form]

viewForm

self add: self errorReport. "empty, of no error, otherwise red text"
"your form here"

--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Janko Mivšek

Re: Field Validation

Also, it would be nice to enhance field validation and error reporting a
bit. I'm thinking about ajaxified validation immediately after data
entry and immediate error reporting near the field. Non-intrusive and
elegant.

We can do that by extending WebInputField (WebFormElement?) to include a
validation block, which is executed immediately after data entry. We can
also provide convenience methods for some most usual validations like
date, email, numbers etc.

Any more ideas?

Janko

Janko Mivšek wrote:

> Rob Rothwell wrote:
>
>> Just wondered where/how any of you perform field validation for data
>> entry within your forms before I try to re-invent the wheel.
>
>> Do you just subclass WebInputField and add a validationBlock or some
>> such thing?
>
> This is a possibility, other more usual is to make a validation in an
> action method. Note also the error reporting support in WebApplication.
> Let me make an approximate example:
>
> actionForm
>
> self entriesValid
> ifTrue: [self redirectToView: #confirmation]
> ifFalse:
> [self error: 'Entries invalid'.
> self redirectToView: #form]
>
>
> viewForm
>
> self add: self errorReport. "empty, of no error, otherwise red text"
> "your form here"
>
>
>
>
>
>

--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Rob Rothwell

Re: Field Validation

On Thu, Mar 13, 2008 at 8:33 AM, Janko Mivšek <[hidden email]> wrote:

Also, it would be nice to enhance field validation and error reporting a
bit. I'm thinking about ajaxified validation immediately after data
entry and immediate error reporting near the field. Non-intrusive and
elegant.

We can do that by extending WebInputField (WebFormElement?) to include a
validation block, which is executed immediately after data entry. We can
also provide convenience methods for some most usual validations like
date, email, numbers etc.

Any more ideas?

I guess that was sort of what I was wondering about after playing around with Magritte in Seaside a bit. It would put the specified error message right there on the form, but was not "ajaxified" (I don't think). It just performed the validation rules upon form entry, with a syntax like:

(StringDescription selector: #email label: 'E-Mail Address')
     addCondition: [ :value |
          (value matches: '*#@#*.#*')
               & (value endsWith: '.ch') ] asCondition
     label: 'Invalid E-Mail';
     yourself.

You would then send a message like "asComponentOn:" to the "Description" of the object to get a Morphic/Seaside component, ready to add to your form.

I suppose the Magritte framework could be extended to use Aida objects, if you thought that would be worthwhile. Then you would be describing your domain with "Meta objects" that "knew" how to display themselves in Aida.

I don't have enough experience to know if the overhead of a Meta-framework is worth it for most applications, though.

Rob
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Janko Mivšek

Re: Field Validation

Rob Rothwell wrote:

> Also, it would be nice to enhance field validation and error reporting a
> bit. I'm thinking about ajaxified validation immediately after data
> entry and immediate error reporting near the field. Non-intrusive and
> elegant.
>
> We can do that by extending WebInputField (WebFormElement?) to include a
> validation block, which is executed immediately after data entry. We can
> also provide convenience methods for some most usual validations like
> date, email, numbers etc.

> I guess that was sort of what I was wondering about after playing around
> with Magritte in Seaside a bit. It would put the specified error
> message right there on the form, but was not "ajaxified" (I don't
> think). It just performed the validation rules upon form entry, with a
> syntax like:
>
> (StringDescription selector: #email label: 'E-Mail Address')
> addCondition: [ :value |
> (value matches: '*#@#*.#*')
> & (value endsWith: '.ch') ] asCondition
> label: 'Invalid E-Mail';
> yourself.
>
> You would then send a message like "asComponentOn:" to the "Description"
> of the object to get a Morphic/Seaside component, ready to add to your form.
>
> I suppose the Magritte framework could be extended to use Aida objects,
> if you thought that would be worthwhile. Then you would be describing
> your domain with "Meta objects" that "knew" how to display themselves in
> Aida.
>
> I don't have enough experience to know if the overhead of a
> Meta-framework is worth it for most applications, though.

I also have a similar doubt and for now it would be most user friendly
to extend WebFormElement, so that you'll have a code like:

e addInputFieldAspect: #email
for: self observee
validIf: [:value |
(value matches: '*#@#*.#*') & (value endsWith: '.ch')
errorText: 'Invalid E-Mail'

Maybe method could be named better...

Janko

--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Janko Mivšek

Re: Field Validation

Look at this JSValidate demo. That's how I see to make the error
reporting of validations most non-intrussible but informative:

http://www.jsvalidate.com/demo/

Go to the first field and just tab out to see, how error will be shown.

Janko

Janko Mivšek wrote:

> Rob Rothwell wrote:
>
>> Also, it would be nice to enhance field validation and error reporting a
>> bit. I'm thinking about ajaxified validation immediately after data
>> entry and immediate error reporting near the field. Non-intrusive and
>> elegant.
>>
>> We can do that by extending WebInputField (WebFormElement?) to include a
>> validation block, which is executed immediately after data entry. We can
>> also provide convenience methods for some most usual validations like
>> date, email, numbers etc.
>
>> I guess that was sort of what I was wondering about after playing around
>> with Magritte in Seaside a bit. It would put the specified error
>> message right there on the form, but was not "ajaxified" (I don't
>> think). It just performed the validation rules upon form entry, with a
>> syntax like:
>>
>> (StringDescription selector: #email label: 'E-Mail Address')
>> addCondition: [ :value |
>> (value matches: '*#@#*.#*')
>> & (value endsWith: '.ch') ] asCondition
>> label: 'Invalid E-Mail';
>> yourself.
>>
>> You would then send a message like "asComponentOn:" to the "Description"
>> of the object to get a Morphic/Seaside component, ready to add to your form.
>>
>> I suppose the Magritte framework could be extended to use Aida objects,
>> if you thought that would be worthwhile. Then you would be describing
>> your domain with "Meta objects" that "knew" how to display themselves in
>> Aida.
>>
>> I don't have enough experience to know if the overhead of a
>> Meta-framework is worth it for most applications, though.
>
> I also have a similar doubt and for now it would be most user friendly
> to extend WebFormElement, so that you'll have a code like:
>
> e addInputFieldAspect: #email
> for: self observee
> validIf: [:value |
> (value matches: '*#@#*.#*') & (value endsWith: '.ch')
> errorText: 'Invalid E-Mail'
>
> Maybe method could be named better...
>
>
> Janko
>
>

Rob Rothwell

Re: Field Validation

In reply to this post by Janko Mivšek

On Thu, Mar 13, 2008 at 10:12 AM, Janko Mivšek <[hidden email]> wrote:

I also have a similar doubt and for now it would be most user friendly
to extend WebFormElement, so that you'll have a code like:

e addInputFieldAspect: #email
for: self observee
validIf: [:value |

(value matches: '*#@#*.#*') & (value endsWith: '.ch')

errorText: 'Invalid E-Mail'

Maybe method could be named better...

I like how simple Aida is, and while "all you had to do" in Magritte to add a new data element to a form was add it's description on the class side, it was still another layer of abstraction which made it more difficult for me.

Your method above is what I was planning on trying to create to make sure my account numbers had the right number of digits, etc...

As for naming methods, I'm still not very good at that myself!

Rob

_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Nicolas Petton

Re: Field Validation

In reply to this post by Janko Mivšek

Le jeudi 13 mars 2008 à 15:21 +0100, Janko Mivšek a écrit :
> Look at this JSValidate demo. That's how I see to make the error
> reporting of validations most non-intrussible but informative:
>
> http://www.jsvalidate.com/demo/
>
The release date is a bit old. Does it work with current prototype and
s.a.u ?

Cheers!

Nico
--
Nicolas Petton
http://nico.bioskop.fr
___
ooooooo
OOOOOOOOO
|Smalltalk|
OOOOOOOOO
ooooooo
\ /
[|]
--------------------------------
Ma clé PGP est disponible ici :
http://nico.bioskop.fr/pgp-key.html

_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

signature.asc (196 bytes) Download Attachment

Nicolas Petton

Re: Field Validation

In reply to this post by Janko Mivšek

Ok, all this could be good, but don't you think that it is more
important to validate on the server side ?The risk here is that people
won't validate on server side, and lots of errors could happen.

Nico
--
Nicolas Petton
http://nico.bioskop.fr
___
ooooooo
OOOOOOOOO
|Smalltalk|
OOOOOOOOO
ooooooo
\ /
[|]
--------------------------------
Ma clé PGP est disponible ici :
http://nico.bioskop.fr/pgp-key.html

_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

signature.asc (196 bytes) Download Attachment

Rob Rothwell

Re: Field Validation

Do you mean, for example, that I can make sure in an Ajax client that I have a 7 digit account number, but on the server I have to make sure it actually exists before I start trying to look up information about that account?

So...syntactic validation versus data validation?

Rob

On Thu, Mar 13, 2008 at 10:44 AM, Nicolas Petton <[hidden email]> wrote:

Ok, all this could be good, but don't you think that it is more
important to validate on the server side ?The risk here is that people
won't validate on server side, and lots of errors could happen.

Nico
--
Nicolas Petton
http://nico.bioskop.fr
___
ooooooo
OOOOOOOOO
|Smalltalk|
OOOOOOOOO
ooooooo
\ /
[|]
--------------------------------
Ma clé PGP est disponible ici :
http://nico.bioskop.fr/pgp-key.html

_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

--
The foolish reject what they see, not what they think; the wise reject what they think, not what they see. -- Huang Po
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Nicolas Petton

Re: Field Validation

I mean that client side validation is dangerous, especially with js code. For example, what if js is disabled on the client web browser? The form will be validated. Try on the website given by Janko, disable js and try it.
This introduces several vulnerabilities.

Nico

2008/3/13, Rob Rothwell <[hidden email]>:

Do you mean, for example, that I can make sure in an Ajax client that I have a 7 digit account number, but on the server I have to make sure it actually exists before I start trying to look up information about that account?

So...syntactic validation versus data validation?

Rob

On Thu, Mar 13, 2008 at 10:44 AM, Nicolas Petton <[hidden email]> wrote:

Ok, all this could be good, but don't you think that it is more
important to validate on the server side ?The risk here is that people
won't validate on server side, and lots of errors could happen.

Nico
--
Nicolas Petton
<a href="http://nico.bioskop.fr" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://nico.bioskop.fr
___
ooooooo
OOOOOOOOO
|Smalltalk|
OOOOOOOOO
ooooooo
\ /
[|]
--------------------------------
Ma clé PGP est disponible ici :
<a href="http://nico.bioskop.fr/pgp-key.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://nico.bioskop.fr/pgp-key.html

_______________________________________________
Aida mailing list
[hidden email]
<a href="http://lists.aidaweb.si/mailman/listinfo/aida" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://lists.aidaweb.si/mailman/listinfo/aida

--
The foolish reject what they see, not what they think; the wise reject what they think, not what they see. -- Huang Po
_______________________________________________
Aida mailing list
[hidden email]
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://lists.aidaweb.si/mailman/listinfo/aida" target="_blank">http://lists.aidaweb.si/mailman/listinfo/aida

--
Nicolas Petton

http://nico.bioskop.fr
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Stefan Schmiedl

Re: Field Validation

On Thu, 13 Mar 2008 19:28:57 +0100
"nicolas petton" <[hidden email]> wrote:

> I mean that client side validation is dangerous, especially with js code.
> For example, what if js is disabled on the client web browser? The form will
> be validated. Try on the website given by Janko, disable js and try it.
> This introduces several vulnerabilities.

Split responsibilities:
Client side: syntax check
Server side: content check

The content check should not rely on getting valid syntax from the
client. Even if JavaScript is active, you still have to be prepared for
requests generated by some automatism, where client side activity
is usually by-passed.

s.
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Nicolas Petton

Re: Field Validation

Le jeudi 13 mars 2008 à 20:23 +0100, Stefan Schmiedl a écrit :

> On Thu, 13 Mar 2008 19:28:57 +0100
> "nicolas petton" <[hidden email]> wrote:
>
> > I mean that client side validation is dangerous, especially with js code.
> > For example, what if js is disabled on the client web browser? The form will
> > be validated. Try on the website given by Janko, disable js and try it.
> > This introduces several vulnerabilities.
>
> Split responsibilities:
> Client side: syntax check
> Server side: content check

Yes, it could be done, but it would complicate a lot. You have to check
twice. I would just improve the current validation form to be better and
simpler, without any javascript addition.

Cheers!

Nico
--
Nicolas Petton
http://nico.bioskop.fr
___
ooooooo
OOOOOOOOO
|Smalltalk|
OOOOOOOOO
ooooooo
\ /
[|]
--------------------------------
Ma clé PGP est disponible ici :
http://nico.bioskop.fr/pgp-key.html

_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

signature.asc (196 bytes) Download Attachment

Stefan Schmiedl

Re: Field Validation

On Thu, 13 Mar 2008 20:58:33 +0100
Nicolas Petton <[hidden email]> wrote:

>
> Le jeudi 13 mars 2008 à 20:23 +0100, Stefan Schmiedl a écrit :
> > On Thu, 13 Mar 2008 19:28:57 +0100
> > "nicolas petton" <[hidden email]> wrote:
> >
> > > I mean that client side validation is dangerous, especially with js code.
> > > For example, what if js is disabled on the client web browser? The form will
> > > be validated. Try on the website given by Janko, disable js and try it.
> > > This introduces several vulnerabilities.
> >
> > Split responsibilities:
> > Client side: syntax check
> > Server side: content check
>
> Yes, it could be done, but it would complicate a lot. You have to check
> twice.

But not the same things. I'd have a 'dumb' syntax-check in
JavaScript and a 'smart' content check in Smalltalk. With this setup I get
*immediate* client-side typo-warnings (no request-response-cycle)
and coherent entries in the application.

Consider a simple address book and a form for doing a reverse lookup
for phone numbers.
Client: "digits only"
Server: "search application model"

s.
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Janko Mivšek

Re: Field Validation

In reply to this post by Nicolas Petton

>>> I mean that client side validation is dangerous, especially with js code.
>>> For example, what if js is disabled on the client web browser? The form will
>>> be validated. Try on the website given by Janko, disable js and try it.
>>> This introduces several vulnerabilities.

>> Split responsibilities:
>> Client side: syntax check
>> Server side: content check
>
> Yes, it could be done, but it would complicate a lot. You have to check
> twice. I would just improve the current validation form to be better and
> simpler, without any javascript addition.

I also think that validation should be completely done on server side,
but we can use Ajax to have immediate validation, as that it occurred on
client side. And if the user switch-off JS, it will still work. I think
we can we can actually extend WebFormElement to have such hybrid
validation error reporting, real-time if JS is on and after the submit
if JS is off. That last one needs to work always anyway!

Janko

--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Janko Mivšek

Re: Field Validation

In reply to this post by Nicolas Petton

Just to clarify a bit. I provided that example just to show UI part of
story, how to report validation errors, that is. I didn't mean that we
need to use that library, but just the idea how to show errors, simply,
non-intrusivelly.

Janko

Nicolas Petton wrote:

> Le jeudi 13 mars 2008 à 15:21 +0100, Janko Mivšek a écrit :
>> Look at this JSValidate demo. That's how I see to make the error
>> reporting of validations most non-intrussible but informative:
>>
>> http://www.jsvalidate.com/demo/
>>
> The release date is a bit old. Does it work with current prototype and
> s.a.u ?
>
> Cheers!
>
> Nico
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Aida mailing list
> [hidden email]
> http://lists.aidaweb.si/mailman/listinfo/aida

Stefan Schmiedl

Re: Field Validation

In reply to this post by Janko Mivšek

On Fri, 14 Mar 2008 01:30:50 +0100
Janko Mivšek <[hidden email]> wrote:

> I also think that validation should be completely done on server side,
> but we can use Ajax to have immediate validation, as that it occurred on
> client side. And if the user switch-off JS, it will still work.

How will A*J*AX verification work if you switch off the J?

> I think
> we can we can actually extend WebFormElement to have such hybrid
> validation error reporting, real-time if JS is on and after the submit
> if JS is off. That last one needs to work always anyway!
>

Depending on your internet connection and the server load a
request-response-cycle can very well take noticeable time. And this can
happen easily even in the days of broadband connections. Just imagine
sitting in an office sharing a 2 MBit downstream 128kBit upstream
connection with 40 other people just sending and receiving mails.
Under those circumstances, even telnetting to an external machine is a
drag...

s.
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

giorgiof

Re: Field Validation

In reply to this post by Janko Mivšek

Hi, Janko et All,

For what I know about doing WEB applications, surely you cannot rely on client validation done on Javascript. But, on the other side, you cannot avoid to do validation on the client, because I wouldn't like (as of today) to fill up a form, post its data and only then have back an error message telling me that a date couldn't have the months 13.
So, double check is quite the standard.
An Ajax solution, having a response time close to a javascript one, is today probably the best solution for validation (syntactic), because you can write validation logic on the server using Smalltalk, not javascript.
In any case (Javascript or Ajax) , I will suggest to do also a complete validation after the final post (or after the final post equivalent), validating both syntax and semantic. This is because on the WEB you cannot think to be sure about what you get.

Obviously this depend from the kind of application you use (data sensibility) , and the user you target. I usually, when developing intranet applications (web based replica of standard client/server app), avoid to double check the syntax, but I'm inside a firewall, with a selected kind of users customers. On the web I'll surely check twice.

just my 2 cents

Ciao

Giorgio

On Fri, Mar 14, 2008 at 1:30 AM, Janko Mivšek <[hidden email]> wrote:

>>> I mean that client side validation is dangerous, especially with js code.
>>> For example, what if js is disabled on the client web browser? The form will
>>> be validated. Try on the website given by Janko, disable js and try it.
>>> This introduces several vulnerabilities.

>> Split responsibilities:
>> Client side: syntax check
>> Server side: content check
>
> Yes, it could be done, but it would complicate a lot. You have to check
> twice. I would just improve the current validation form to be better and
> simpler, without any javascript addition.

I also think that validation should be completely done on server side,
but we can use Ajax to have immediate validation, as that it occurred on
client side. And if the user switch-off JS, it will still work. I think
we can we can actually extend WebFormElement to have such hybrid
validation error reporting, real-time if JS is on and after the submit
if JS is off. That last one needs to work always anyway!

Janko

--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
_______________________________________________

Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida

Janko Mivšek

Re: Field Validation

In reply to this post by Stefan Schmiedl

Hi Stefan,

Stefan Schmiedl wrote:

>> I also think that validation should be completely done on server side,
>> but we can use Ajax to have immediate validation, as that it occurred on
>> client side. And if the user switch-off JS, it will still work.
>
> How will A*J*AX verification work if you switch off the J?

Then validation will nicely downgrade to one after form submittion. That
one needs always to be done in any case. So the only difference without
JS is that you don't have a real-time validation, that is showing an
error immediately after data is entered in field.

> Depending on your internet connection and the server load a
> request-response-cycle can very well take noticeable time. And this can
> happen easily even in the days of broadband connections. Just imagine
> sitting in an office sharing a 2 MBit downstream 128kBit upstream
> connection with 40 other people just sending and receiving mails.
> Under those circumstances, even telnetting to an external machine is a
> drag...

I don't have a feeling that Ajax is slow over the internet, at least not
here in Slovenia. As you know I host a lot of customers on my server and
those web apps are pretty heavy Ajaxified, but I didn't hear a
complaint of slowness yet.

JAnko

--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida