W3C Releases XForms

← Back to Stories (view on slashdot.org)

Posted by timothy on Wednesday November 13, 2002 @06:31AM from the own-your-own-mint dept.

An anonymous reader submits: "On the heels of several other releases, the W3C has released XForms as a Candidate Recommendation. Coverage here and here. XForms is the way-better version of HTML forms -- it's XML-based and includes built-in client-side validation and calculations, without scripting. It is expected to replace old-fashioned HTML forms in XHTML 2.0. It's also being viewed by many as the standards-based alternative to Microsoft's XDocs. Now's your chance to try it out and submit your comments, before the official Recommendation comes out in a few months."

16 of 31 comments (clear)

Min score:

Reason:

Sort:

uhmmmm by ivanandre · 2002-11-13 06:35 · Score: 2, Interesting

Very interesting, and useful too for us web developers... but its the standard besides Microsoft standard...
1. Re:uhmmmm by King+of+the+World · 2002-11-13 07:28 · Score: 2
  
  Any idea of browser support? (I'd expect some as Xform has been around for a while now)
  
  (the Microsoft ASP.NET validation stuff uses proprietary DOM - but there is a DOM version now that works in Mozilla)
  
  --
  --Giving to trolls for the benefit of us all
XForms? by gaj · 2002-11-13 06:42 · Score: 3, Interesting

This should make the folks over at XForms happy! Isn't it neat the way we reuse names?
I thought that XForms was pretty much moribund, mostly caused (IMHO) by the "only free for non-comercial use" license. It appears that I was wrong, though. In fact, it looks like the soon to be released 1.0 will be licensed under LGPL. Too bad about the name clash, though.
But please... by Anonymous+Cowdog · 2002-11-13 06:55 · Score: 3, Interesting

Developers, please refrain from making validation so anal that it becomes unusable. People like Jennifer 8 Lee (NYT reporter) should be able to enter their name into a web form name field, for example. And sometimes people want to enter letters into phone number fields, for valid reasons (like spelling a phone number to help the recipient remember it, or to make a point). Please don't make things too restrictive.
1. Re:But please... by ceejayoz · 2002-11-13 07:33 · Score: 2
  
  And sometimes people want to enter letters into phone number fields, for valid reasons (like spelling a phone number to help the recipient remember it, or to make a point).
  
  When I ask for a telephone number, I don't want the sender to make it easier to remember or "make a point." I want their telephone number. Heck, if I'm storing it in a database as an integer, allowing them to enter text will just result in a blank data value in the database. Whoops.
  
  Jennifer Lee won't have any problems entering her name without the middle name, and she could just put Jennifer Eight Lee if she really wanted to.
2. Re:But please... by realgone · 2002-11-13 09:31 · Score: 2
  
  And sometimes I feel like providing GPS coordinates for my mailing address and an MP3 of modulated tones for my phone number, but that doesn't mean I should be accomodated in most cases.
  Poorly implemented validation, to my mind, would be not letting someone use hyphens in their credit card number or rejecting any and all zip codes that don't include a zip-plus. Asking that Jennifer 8 or The Symbol Formerly Known As The Artist Formerly Known As Prince partake of the alphabet every once in a blue moon, on the other hand, seems like a rather reasonable request.
3. Re:But please... by Khalid · 2002-11-13 13:00 · Score: 2
  
  When you store "something" as an integer that means that you want to perform arithmetic operations on it. I don't think that adding, or substracting phone numbers will bring you something :)
4. Re:But please... by Muggins+the+Mad · 2002-11-13 14:16 · Score: 2
  
  > When I ask for a telephone number, I don't want the sender to make it easier to remember or
  > "make a point." I want their telephone number. Heck, if I'm storing it in a database as an
  > integer, allowing them to enter text will just result in a blank data value in
  > the database. Whoops.
  
  That's something that really bugs me about forms that require a phone number with only integers.
  
  What's my phone number? Is it what my neighbour would dial? Is it what someone in a different
  city in the same country would dial? Is it what you, the person asking would have to dial -
  which I'm very unlikely to know?
  
  When I fill in my number I indicate that it's an
  "international" number with a +
  In my case +64-9-xxxxxxxx
  to indicate that it's New Zealand(64) - Auckland(9) - number
  
  As far as I'm aware that's a standard.
  
  if I don't put the plus, the number is pretty much useless to you. Most web forms don't seem
  to let me put it.
  
  - Muggins the Mad
5. Re:But please... by Lars+Arvestad · 2002-11-13 22:09 · Score: 2
  
  Given the way you have written your email address ({moc.zoyajeec} {ta} {jc}), I am surprised about your reaction. When submitting my email adress, I often try to add a suffix "+slashdot" (for example "arve+slashdot@some.domain.org") or similar to enable some tracking of where the adresses are distributed, since my mail server apparently supports that. It is not unusual that this perfectly legal email address is refused.
  Furthermore, I live in Sweden and our addresses look nothing like US standard adresses. This is almost often troublesome. Recently, I was forced to enter a state even though I elsewhere had submitted "Sweden" rather than "USA" as country. (I chose Alaska!)
  The list goes on. Most often, overzealaous validation is simply wrong. I todays global society, it is simply too hard to know every acceptable format, and you are better off being a bit relaxed about it. "Jennifer 8 Lee" is a perfectly valid string in a database.
  
  --
  Reality or nothing.
6. Re:But please... by ceejayoz · 2002-11-14 03:38 · Score: 2
  
  Given the way you have written your email address ({moc.zoyajeec} {ta} {jc}), I am surprised about your reaction.
  
  That's Slashdot's automatic anti-spam formatting, it changes weekly.
  
  Furthermore, I live in Sweden and our addresses look nothing like US standard adresses.
  
  Any site that deals with international visitors should be prepared to handle them. If it's not, that's not a validation problem - that's a problem with the company not understanding their customers. It's a completely different problem.
Interesting thread @bugzilla by an_mo · 2002-11-13 07:34 · Score: 3, Informative

An interesting thread to read is here in this mozilla bug
Nonono.. don't client validate! by sporty · 2002-11-13 07:49 · Score: 2

...includes built-in client-side validation and calculations...

Never trust the client to do validation of data!!!! How do you think people cheat at quake etc etc... it's 'cause the final calculation is not done in the server!!!

Thank you.

--
-
ping -f 255.255.255.255 # if only
1. Re:Nonono.. don't client validate! by aridhol · 2002-11-13 08:51 · Score: 2
  
  Yes, you can do client validation. This will reduce bandwidth when someone misses a field in filling the form, or puts letters in the phone number, or whatever. However, this should not be the only validation. Instead, the client should be used for initial validation, but the server should validate again before acting on the data.
  
  --
  I can't say that I don't give a fuck. I've just run out of fuck to give.
2. Re:Nonono.. don't client validate! by Anonymous Coward · 2002-11-13 09:14 · Score: 2, Insightful
  
  Never trust the client to do validation of data!!!!
  
  Of course not. Just because you don't trust the client doesn't mean you don't let them. Client-side validation is for the benefit of the client. The nice thing is, now that validation is in the form definition, you can use the same definition to perform the server-side validation as well.
3. Re:Nonono.. don't client validate! by Spy+Hunter · 2002-11-13 10:02 · Score: 4, Insightful
  
  You still validate the data on the server. Duh. The idea with client-side validation is that the browser can tell the user what's wrong with the form while they're typing in the data instead of after they hit the submit button and get a form page back with big red text telling them they did it wrong.
  
  --
  main(c,r){for(r=32;r;) printf(++c>31?c=!r--,"\n":c<r?" ":~c&r?" `":" #");}
I disagree -- client validation a handrail by 0x0d0a · 2002-11-13 10:43 · Score: 2

I strongly disagree with what you're placing in here. Client validation should be a *handrail*. It is intended to do nothing more than help the user not accidently enter a data field in a format that the server will reject, like July 30, 2002 instead of 7/30/2002. It should never fail on potentially valid data. You want heavyweight validation, use the *server*. (Matter of fact, client-side output should never be trusted, as more and more "web programmers" seem to think is a good idea).

If someone wants to enter a bogus name, they're going to do it. Overzealous "validation" is a PITA for a bunch of people. Why do it? Your "checking" above doesn't help security or the integrity of your database in the least. Now, I will grant that if someone *accidently* writes a sentence describing themselves instead of their name in the name field, then indeed, your solution would have caught something that mine would not have. However, I'm quite dubious as to the value of this (how often do people make mistakes like this?), but I'm quite certain that Jennifer and Prince are not tremendously thrilled with your refusing to accept legal names.

--
May we never see th