[Zope] How to check if a string contains some characters??

David Burton eloquence@eloquent-designs.f2s.com
Tue, 13 Mar 2001 09:58:10 -0000 

A good point.

Most modern browsers will have Javascript enabled, so it's generally not
such a problem, though.
A significant percentage of sites won't work at all without Javascript
enabled.

Many shopping carts use Javascript, most forms use Javascript for
validation, and many sites use Javascript to pop up windows at an
appropriate size - I normally consider this beneficial - apart from the
pop-ups from free hosting and warez sites.

That said, I'm not suggesting that you can avoid server-side validation -
rather that it is much faster to at least try to handle things like this.
Given that many visitors are liable to be on a dial-up connection, they
don't really want to have to wait nearly a minute to get a response that
they entered an invalid character. Even on a T1 the delays from going
server-side for things like this can be annoying because it's unnecessary.

Both Python and Javascript (1.2) have regular expressions, so you can work
out the right validation expression and use it both client and server-side
anyway.

David

----- Original Message -----
From: "Stephane Bortzmeyer" <bortzmeyer@pasteur.fr>
To: "David Burton" <eloquence@eloquent-designs.f2s.com>
Cc: <zope@zope.org>
Sent: Tuesday, March 13, 2001 8:20 AM
Subject: Re: [Zope] How to check if a string contains some characters??


> On Monday 12 March 2001, at 17 h 31, the keyboard of "David Burton"
> <eloquence@eloquent-designs.f2s.com> wrote:
>
> > A better idea would normally to try to handle invalid values before it
> > reaches ZOPE.
> > Something like this is usually best handled by Javascript verification.
>
> Bad idea: what if the browser does not have JavaScript or decided to
switch it
> off (because he dislikes pages which resizes the browser or popup when you
> leave)?
>
> JavaScript is a convenience for users: you are informed that something is
> wrong before you hit Submit. But the server MUST test anyway. (Think of
> security issues if all the checking is client-side.)
>
>
>