in reply to Re: Re: Re: A problem use CGI.pm
in thread A problem use CGI.pm

Thank you kutsu for that very simple and elegant solution (I'm learning to untaint user input this very moment and this is helpful).

However, at the risk of being OT, menolly and other monks, I really do wonder what the percentage is of people who are surfing sans-javascript (JS). With the plethora of helpful pop-up windows, DHTML menus and other tricks, how is this possible? What about Flash? I have a personal aversion to sites that are only Flash and usually skip them. How much am I missing?

Secondly, do we webbies code for non-JS surfers? Or is this akin to coding web-safe colors, 640x480 monitors, and Netscape 4.7?

Lastly, even though we need to validate on the server-side, JS on the client side can validate input and return an error so much faster than the Perl which has to refresh the screen each time.

It is the dilemma I'm facing now as I learn to code Perl accurately and securely, and not miss out on all the fun that JS and DHTML bring the pure designer (who is avoiding Flash). Let the debate rage!

Re: Re: Re: Re: Re: A problem use CGI.pm
by tilly (Archbishop) on Nov 02, 2003 at 19:16 UTC
    The following should be axiomatic:
    1. Don't trust the client. Some day someone malicious will try to give you invalid input to see what will happen.
    2. A significant and growing fraction of users have some form of pop-up blocker installed. Assume that any pop-up will not be seen.
    3. Older users use low resolutions even on monitors that support high resolution. Any web designer who assumes that the general public has the eyesight of a 20 year old should be fired. With prejudice.
    4. Users understand user interfaces differently than programmers do. What is obvious to you will never be figured out by them. If you don't have a UI specialist, then you need to learn something about good UI design because you will get it wrong.
    As for the proportion of people who do not use JavaScript, it is fairly low, but far higher in any technically related website.
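As an added illustration of the untainting the original poster is learning and of tilly's first axiom (example code, not posted by anyone in this thread): under Perl's taint mode only a regex capture can untaint a value, so client-side JavaScript may give quick feedback, but the server still rejects anything the whitelist does not admit. The parameter names `username` and `age`, the patterns, and the sample values are constructed assumptions.

```perl
#!/usr/bin/perl -T
# Server-side whitelist untainting of CGI parameters (added example).
# Run with taint mode enabled: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# One whitelist per parameter (constructed for this example). The capture
# group is what untaints: Perl treats $1 from a successful match as trusted,
# so the pattern must only admit values that are safe for their later use.
# \z rather than $ so a trailing newline cannot slip through.
my %RULES = (
    username => qr/^([A-Za-z0-9_]{1,32})\z/,
    age      => qr/^([0-9]{1,3})\z/,
);

# Returns the untainted value, or nothing when the input fails its whitelist
# or the parameter is not one we know about.
sub untaint_param {
    my ($name, $raw) = @_;
    my $re = $RULES{$name} or return;          # unknown parameter: reject
    return unless defined $raw && $raw =~ $re;
    return $1;
}

# Constructed sample input standing in for $q->param(...). Appending an empty
# slice of a %ENV value makes these literals tainted, exactly as real request
# data is under -T.
my $taint  = substr($ENV{PATH} // '', 0, 0);
my %params = (
    username => 'alice_01' . $taint,
    age      => '3x'       . $taint,           # fails the whitelist
);

for my $name (sort keys %params) {
    my $clean = untaint_param($name, $params{$name});
    if (defined $clean) {
        printf "%-8s accepted: '%s' (tainted: %d)\n",
            $name, $clean, tainted($clean) ? 1 : 0;
    } else {
        printf "%-8s rejected: '%s' (tainted: %d)\n",
            $name, $params{$name}, tainted($params{$name}) ? 1 : 0;
    }
}
```

In a real CGI script the loop body is where the rejected case returns an error page; the JavaScript check on the client is only a convenience for the honest user.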
Re: Re: Re: Re: Re: A problem use CGI.pm
by menolly (Hermit) on Nov 03, 2003 at 17:56 UTC

    The key principle, to me, is to fail gracefully. Use all the bells and whistles you like, but make sure your core functionality is accessible to users without all that. Say the low-income blind person(1) or the curmudgeonly old-school geek using Lynx. Or the security-conscious user with all client-side scripting disabled.

    It's a little more design effort, but it's not that hard. If you can't implement a particular function without the extra stuff, perhaps you need to re-think that feature. ("Do X in one click" is not, for purposes of this argument, a feature. "Do X" is.)

    (1) There are screen readers that work with GUIs. They're expensive.

Re: Re: Re: Re: Re: A problem use CGI.pm
by kutsu (Priest) on Nov 02, 2003 at 18:45 UTC

    Personally I try to avoid using javascript, and have javascript disabled, as much as possible. Yet, until perlscript, or some new invention, is as widely usable as javascript, I will continue to need it for various applications. The only reason I mentioned using perl was that I prefer perl to check variable tainting, and the if statements could be changed to run a sub that will do something in javascript.

    "Pain is weakness leaving the body, I find myself in pain everyday" -me