[Zope] Validate fields?

chas panda@skinnyhippo.com
Tue, 07 Sep 1999 00:28:59 +0900 

oops, clearing the outbox.

At 04:08 PM 9/2/99 +0300, Itamar Shtull-Trauring wrote:
>Martijn Faassen wrote:
>
>> I expect I'll start with this next month or so. :) (I also got some
>> simplistic prototype ZClass working that does at least server side
>> validation, and I had someone figure out some client side javascript
>> validation, so the pieces are falling into place)
>
>Trusting what came from the client side is what caused the Hotmail bug,

sort of. that was just a hole the size of, er, something very big. 

> so
>you have to do validation on the server side even if you checked on the
>client side.  It does save time for the user, since if they enter a
>malformed email it'll tell them right away without reloading the whole page.

try downloading a web page in somewhere like china. speeds
are terrible. i'd rather be told that i'd forgotten to enter
my surname before submitting than have to wait 30 seconds just
to find out.  in fact, i probably wouldn't bother resubmitting
it unless i really needed the product. then again, i'm anal.

for 90% of field validation, client-side is sufficient. use your 
discretion for the rest. as for email validation (which the 
previous side-thread mentioned), you simply can't do it in real time. 
sure, you can check with regexp but what stops me writing 
an imaginary email address ? yes, you can send them an email but what
if their email server is temporarily off line ? you'll get a 
negative result but the mail will reach them a few hours later if
their server goes online again.

btw, some people mentioned using regexp in javascript - be aware that 
only 4.x+ browsers support JS regexp (i still get 10% of visitors using 
lesser browsers, including the perenially crap msie3)

There are a set of validation scripts that do all form validation
- i call it the monster form validation script.  Originally from
netscape. I've put it up at :
http://www.skinnyhippo.com/chas/javascript/

I mention this because client-side validation CAN be powerful if you
know what you're doing. I've seen scary amounts of production code
testing for a null value with  if(document.form.field.value=="")  -
oh oh, what  happens if it's a <CR> in a textarea or a space or tab ?
See  isWhitespace() in the monster validation script for the correct
function.

it would be not too complex to build a python class or zclass to generate
this javascript as well as generate the HTML form tags. (in fact, i've
put a basic class that does the latter at www.skinnyhippo.com/chas/python 
- it's probably grade E python b/c i'm off my head half the time i write
code -
but you can see how creating something similar to formitem.py and adding the 
Javascript would be trivial). 

integrating with zope and rewriting as a zclass (so that we don't have 
to write <INPUT.... blah> tags for the rest of our lives) will be
fun/interesting
and something I'll do (along with putting all my other python modules online),
when i either get free cycles or sell out for a disgustingly large sum 
of money.

ok, that's all for now. back to zope :)

chas