Re: Form validation - server-side (Dancer) and client-side (javascript)

I haven't tried this yet (I will on my next project), but it seems like an elegant solution to me: Create a validate() sub on the server side, that takes a hashref of params as an argument and returns an error string if anything doesn't validate. Then this can be called from both POST and ajax routes. On the client side, all you need is a bit of code that calls the ajax route with the form params before allowing the POST call to proceed.

Not only does that eliminate duplication, but by not having the validation code on the client side at all, it's more secure, since the client can't look at the page source and see what your validator expects.

Comment on Re: Form validation - server-side (Dancer) and client-side (javascript)

Replies are listed 'Best First'.
Re^2: Form validation - server-side (Dancer) and client-side (javascript) by Anonymous Monk on Aug 26, 2011 at 13:23 UTC
Not only does that eliminate duplication, but by not having the validation code on the client side at all, it's more secure, since the client can't look at the page source and see what your validator expects. Since you're always supposed to do server side validation, like the OP does using FormFu, it is not more secure The point of client-side validation is saving server cpu/bandwidth, and instant notification for the user	[reply]

Replies are listed 'Best First'.

Re^2: Form validation - server-side (Dancer) and client-side (javascript)
by Anonymous Monk on Aug 26, 2011 at 13:23 UTC

Since you're always supposed to do server side validation, like the OP does using FormFu, it is not more secure

The point of client-side validation is saving server cpu/bandwidth, and instant notification for the user

[reply]