[cgiapp] [Fwd: Re: ValidateRM not PP]

P Kishor punkish at eidesis.org
Sun Jan 25 20:17:22 EST 2009


On Sun, Jan 25, 2009 at 7:00 PM, Lyle <webmaster at cosmicperl.com> wrote:
> Joshua Miller wrote:
>>
>> As for HTML::FillInForm, it's better to do nothing, than to use some
>> regexp. I believe that is the point to which Ron was pointing. Using a
>> regexp can cause you far more problems than good. That's not to say a
>> pure-perl parser cannot be written, but that hand-writing a regex to
>> attempt to half-ass the job is a horrible idea... you'll cause more
>> problems than it's worth. It's still up to you, so you've been warned.
>>
>
> I've been reading up on it. It's true that a regexp will always break. A
> collection of regexps working to get individual parts would be better, but
> still break in some circumstances. Writing a Scanner -> Lexer -> Parser in
> Pure Perl would be ideal, but not without its own problems.
>
>> As for validation, your suggestion to "not do any form validation with
>> Perl as much as possible" is beyond bad advice. If anything, the
>> advice should be reversed (and this is coming from the author of
>> Data.FormValidator.js, which the following post recommends). The whole
>> point of Data.FormValidator.js is to encourage backend validation
>> along with frontend validation, and when issues arise, to encourage
>> the use of backend validation.
>>
>
> I don't think he meant "not do any form validation with Perl as much as
> possible". I think that came across wrong, as he later made a comment "Then,
> on the server, check for sanity and security.". I think he was trying to say
> you should try and have JavaScript as well to reduce calls to the server
> which is more costly... I could be wrong...

You are correct. I was indeed saying that catch as much as possible on
the client side using JavaScript. That makes for great user experience
instead of round-tripping the erroneous entry. Then, on the server
side, do all the sanity checks... what if JavaScript was turned off
(although, more and more, that is going to be less and less), what if
someone poked your server directly without going through your browser,
etc.

I am a big fan of jQuery, and try to implement most form entry checks
on the browser using jQuery.

Ok... back to the original thread... yes, "something" is worse than
tested, complete, compiled modules, but "something" can also be better
than "nothing."


>
>> I'd second the "ever" qualification on using a hand made regex to
>> replace a real html parser. It simply doesn't make any sense. Find
>> an html parser that is pure perl, and extend it - I'm sure there are
>> ones out there.
>>
>
> I've looked for one, the only one I could find is HTML::TagParser but it
> isn't suitable as it can't be used to recreate the page. Also looking at the
> source it uses regexp.
>
> As much as the idea of writing a Pure Perl parser intrigues me, I don't have
> the time :( Especially as at this time I wouldn't actually be using it (my
> script is generating all the html input tags and parsing them into the html
> template).
>
> Maybe I'll add it to one of my "would like to do at some point if I get
> chance lists"...
>
>
> Lyle
>

>
>



-- 
Puneet Kishor http://www.punkish.org/
Nelson Institute for Environmental Studies http://www.nelson.wisc.edu/
Open Source Geospatial Foundation (OSGeo) http://www.osgeo.org/
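
Added example, not part of the original message or of any poster's code: the server-side half of the split described above, using Data::FormValidator, where the same profile is applied whether the request came through the browser checks or was sent straight to the server. The field names, rules and both requests are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::FormValidator;

# Server-side profile: the authority on what the application accepts.
# Field names and rules are hypothetical, chosen for this example.
my $profile = {
    required => [qw(username email)],
    optional => [qw(age)],
    filters  => ['trim'],
    constraint_methods => {
        username => qr/\A[A-Za-z0-9_]{3,20}\z/,
        email    => qr/\A[^\s\@]+\@[^\s\@]+\.[^\s\@]+\z/,
        age      => sub {
            my ($dfv, $val) = @_;
            return $val =~ /\A\d{1,3}\z/ && $val >= 13 && $val <= 120;
        },
    },
};

# Constructed requests. The first is what a browser sends once the
# client-side checks pass; the second is a direct POST that never ran them
# and carries a field the form does not have.
my %requests = (
    via_browser => { username => 'lyle_h', email => 'lyle@example.org', age => '34' },
    direct_post => { username => '<b>x</b>', email => 'nope', age => '-1',
                     is_admin => '1' },
);

for my $name (sort keys %requests) {
    my $results = Data::FormValidator->check($requests{$name}, $profile);
    my @missing = $results->missing;   # required fields that were absent
    my @invalid = $results->invalid;   # fields that failed a constraint
    my @unknown = $results->unknown;   # fields not named in the profile

    if (@missing or @invalid) {
        printf "%s: rejected (missing: %s; invalid: %s; ignored: %s)\n", $name,
            join(',', sort @missing) || '-',
            join(',', sort @invalid) || '-',
            join(',', sort @unknown) || '-';
        next;
    }

    # Work only from the validated hash, never from the raw request.
    my $valid = $results->valid;
    printf "%s: accepted (%s)\n", $name,
        join(', ', map { "$_=$valid->{$_}" } sort keys %$valid);
}
```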

