Zope-like html-forms and required, disappearing valuesserverside in plain python
Paul Boddie
paul at boddie.net
Wed Jan 29 10:03:05 EST 2003
Ian Bicking <ianb at colorstudy.com> wrote in message news:<mailman.1043838052.28710.python-list at python.org>...
> On Wed, 2003-01-29 at 04:34, Thomas Weholt wrote:
> > I'm trying to implement something similar to Zopes html-forms:
> >
> > <form ....>
> > <input type="text" name="name:string:required">
> > <input type="text" name="age:int">
> > ...
> > </form>
>
> This Zope technique is lame. You shouldn't put validation information
> into the form like this, you should keep it on the server side where
> it's safe and can actually be trusted.
Indeed. In a recent thread, it was pointed out how convenient it could
be to write things like "collection[]" and interpret such things as
lists, and this is relatively harmless as long as the application
itself knows what to expect.
> I'd describe the form in the form handler. (Well, I wrote FunFormKit
> (.sf.net), so I went a lot further than that)
Yes, I suspect that FunFormKit would be of interest here. I've written
some form validation stuff myself, although it's based on XML
descriptions of the expected data which could be seen as overkill for
forms with just a few fields. Having said that, I personally can't
stand writing explicit validation checks in my servlets/handlers as if
it were 1996. ;-)
Paul
More information about the Python-list
mailing list