[cgiapp] Re: Usefulness of the FillInForm plugin since the HTML::FillInForm 2.0 release?

Mark Stosberg mark at summersault.com
Mon Mar 30 12:08:52 EDT 2009 

> I'm wondering if it's time to quit recommending the FillInForm plugin. 
> The way I see it, it has about 3 features, all now of questionable value:
> 
> 1. It provides a more convenient syntax than HTML::FillInForm 1.x did. These
> deficiences were fixed in HTML::FillInForm 2.0.
> 
> 2. It defaults the data source to $self->query.
> I don't find that exceptionally useful. It could even be considered an security
> risk to be passing data unchecked from the query on to a new HTML page. Using a
> trusted data source like a Data::FormValidator result or a database row is
> usually a better option. 
> 
> 3. It automatically ignores the 'rm' field for you, by taking it as the value
> of mode_param(). That's a nice bit of integration, but it seems that
> mode_param() can work several different ways, and it won't always return the
> name of a query parameter that holds the name of the run mode call. This
> feature also adds no value in the context of dispatching. 

Later I thought of one way that the FillInForm adds value: Purely the
abstraction of having a method we control rather than third-party module
interface.

I was thinking in particular about Titanium, which includes this plugin,
but also how there is an interest in a pure-perl alternative to
HTML::FillInForm (or rather, the HTML parser behind it). 

By keeping a fill_form() method, we have extra flexibility in how we
achive that. We *may* achieve it by convincing the HTML::FillInForm
modules to support an alternative Pure Perl backend. But, but keeping
the method abstraction, we also have the possibility of implementing a
compatibile Pure Perl solution with a completely different module,
with full backcompat for Titanium users. 

At least, we could clean-up how the FillInForm plugin is implemented. By
requiring HTML::FillInForm 2.0 for now, the guts of it could be
noticeably simplified.

    Mark

-- 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . 
   Mark Stosberg            Principal Developer  
   mark at summersault.com     Summersault, LLC     
   765-939-9301 ext 202     database driven websites
 . . . . . http://www.summersault.com/ . . . . . . . .

More information about the cgiapp mailing list