[TYPO3-core] RFC #9553: Bug: Form validation script jsfunc.validateform.js sometimes fails in IE
Vladimir Podkovanov
admin at sitesfactory.ru
Wed Oct 15 16:52:51 CEST 2008
Xavier Perseguers wrote:
> Hi,
>
>> By the way I think form validation should be rewritten in the future
>> from scratch. IMHO it should be server side as
>>
>> 1. in case of an error in js validation func emails just sending
>> without checking required fields
>>
>> 2. client side checking could be easily tricked by editing js or
>> switching js off
>>
>> 3. there is old bug 3527 re: non-english unicode labels in form; that
>> is not resolved because old browsers have missed javascript function
>> decodeURI() (one of reasons)
>>
>> 4. bug in current thread also shows that better do server side
>> evaluation than rely on valid javascript execution in every browser
>
> IMHO, client-side check is just a way to quickly check that the form
> *seems* to be valid, it is convenient in many cases to do this because
> it saves bandwidth and can perform some quick checks, mainly misses from
> the user.
>
> However, server side checks should *always* be done for the reasons you
> gave above and because sometimes a script is accessed "legally" from
> another script on another server without relying on the html form itself
> but by performing a direct POST request.
>
Yes, I think it is good way and IMHO it should be configurable from
content element and in FORM cObj - choosing client side processing,
server side processing or both should be used.
And if we leave client side js checking then unicode labels still should
be handled.
Vladimir
More information about the TYPO3-team-core
mailing list