[TYPO3-50-general] RFC: Validation Refactoring
Sebastian KurfŸürst
sebastian at typo3.org
Tue Sep 15 20:18:04 CEST 2009
Hey,
I've been discussing with Bastian lately what needs to be done so that
the ValidatorResolver will behave in a consistent way. Here are our
ideas, please comment on them:
1) If an argument of type "string" is registered, currently the
"TextValidator" is being used. This imposes several problems and is
quite counterintuitive.
- First, it brings errors in Fluid, if you want to register a ViewHelper
with input "String" which contains special characters
- Originally, it has been introduced to prevent XSS attacks, but this is
the wrong place to do this. The view is the right place to make sure all
data is escaped properly, and Fluid does this by default.
Thus, we propose that we introduce a StringValidator which just checks
if the given object is a string (is_string).
2) Additionally, we'd propose the following groups of validators:
- Validator based on the @param annotation (checking the simple type)
- Special validators defined with @validate in the annotation of the method.
- Model-based validators (@validate annotations in the model and Model
Validator Classes)
We need to make sure that all these three groups are always called.
With the @dontvalidate annotation, I'd suggest to _only_ disable the
"Model-based validators". Thus, the @dontvalidate annotation should be
evaluated inside the buildBaseValidatorConjunction().
I have some more ideas which I'll put into a separate RFC.
Greets,
Sebastian
More information about the TYPO3-project-5_0-general
mailing list