Slashdot Mirror

← Back to Stories (view on slashdot.org)

WHATWG calls for 'Last' Comments on Web Forms

Posted by timothy on from the they-should-be-rounder-and-firmer dept.

hixie writes " The W3C recently acknowledged a version of the Web Forms 2.0 draft submitted to the W3C by Mozilla and Opera. Meanwhile the WHATWG has updated the Web Forms draft and released a new call for comments. Send them in!"

7 of 22 comments (clear)

  1. What Working Group?? by cylcyl · · Score: 3, Funny

    What does the What Working group work on ?? What? What?

    1. Re:What Working Group?? by AntsInMyPants · · Score: 5, Informative
      From the main page linked to in the article...

      What is the Web Hypertext Application Technology Working Group?

      It is a loose unofficial collaboration of Web browser manufacturers and interested parties who wish to develop new technologies designed to allow authors to write and deploy Applications over the World Wide Web.

      The working group mailing list is an open subscription public mailing list and anyone is welcome to contribute.

      The focus of this working group is limited to technologies that will need to be directly implemented in Web browsers. It is not the right forum for very domain-specific proposals that would not be suitable for implementation in, for instance, Safari, Firefox, or Opera.

  2. Input validation schemes by Magic+Thread · · Score: 2, Informative
    From W3C's summary:
    The ability to mark a form field as required (ie. the user must complete the field before the form is submitted).
    Maybe I'm being paranoid, but can anyone else see lazy PHP coders relying on this, and forgetting to do proper server-side input checking? I mean, essentially you're just having to check everything twice... what was wrong with returning a page informing the user of his or her mistakes, exactly?
    1. Re:Input validation schemes by Nasarius · · Score: 3, Insightful
      Maybe I'm being paranoid, but can anyone else see lazy PHP coders relying on this, and forgetting to do proper server-side input checking?

      No need to pick on the PHP coders -- you can just as easily write unchecked Perl, ASP, Python, etc -- but yes, some of the biggest website vulnerabilities are caused by relying too much on JavaScript to validate input.

      I mean, essentially you're just having to check everything twice... what was wrong with returning a page informing the user of his or her mistakes, exactly?

      It's a little faster for the user (instant feedback on any mistakes), and it saves a tiny bit of server resources. And it should replace all the JavaScript hacks with one standard interface.

      --
      LOAD "SIG",8,1
    2. Re:Input validation schemes by hhlost · · Score: 2, Informative

      It's a little faster for the user (instant feedback on any mistakes), and it saves a tiny bit of server resources.

      Depends on what's being uploaded. If it's large, then it could be a lot faster for the user and save a lot of server resources.

    3. Re:Input validation schemes by krumms · · Score: 2, Interesting

      It's a little faster for the user (instant feedback on any mistakes), and it saves a tiny bit of server resources. And it should replace all the JavaScript hacks with one standard interface.

      What's to stop server side code from parsing the XForms (or Web Forms or whatever your choice of poison is) to extract validation information, and then do the _exact_ same checks on the server side? Why, it even makes your code more easily maintainable.

      I do something similar to this with my PHP framework using XML documents (for those wondering about the efficiency: so far it's been good enough for me, but with my framework there's nothing stopping one from cacheing the generated code as PHP, changing a line in a config file and continuing on without any interface changes), though I've not yet chosen my poison in terms of a standardized format: I'd like to just go with XForms, but who knows what bastardized format we'll be using in a few years time ...

  3. this bit made me laugh... by dash2 · · Score: 2, Funny

    Similarly, attributes are defined to accept values that conform to certain syntaxes, but it is possible for authors to violate these constraints.

    Authors must not do this. User agent implementors may curse authors who violate these rules, and may persecute them to the full extent allowed by applicable international law.

    You can tell these guys have experience doing real implementations...