Rails'' validation model is very nice, but AFAICT, there''s zero support for client-side validation. Are there any plans for adding client-side validation iun the future? david
On Sat, 2005-07-23 at 17:16 -0600, David Geary wrote:> Rails'' validation model is very nice, but AFAICT, there''s zero > support for client-side validation. Are there any plans for adding > client-side validation iun the future?Never trust client side validation. It is easily spoofed or disabled. That said, there is nothing in rails that stops you from adding your own javascript validation to direct the user to enter valid values before allowing the submit to finish. -- Steven Critchfield critch-wQLwMjUOumVBDgjK7y7TUQ@public.gmane.org KI4KTY
Yes, it can be spoofed or disabled. But it can also give rapid feedback to the user instead of doing the roundtrips around the server. Validation on the client is a compliment to server validation and the server validation should never be turned off. But it would be very nice if the form helpers could try to generate javascript validation based on validation rules (validates_xxx methods) set in the model without having to do anything explicit (except for passing an option flag or something like that). /Marcus -----Original Message----- From: rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org [mailto:rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org] On Behalf Of Steven Sent: den 24 juli 2005 02:01 To: rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org Subject: Re: [Rails] Client-side validation? On Sat, 2005-07-23 at 17:16 -0600, David Geary wrote:> Rails'' validation model is very nice, but AFAICT, there''s zero support> for client-side validation. Are there any plans for adding client-side> validation iun the future?Never trust client side validation. It is easily spoofed or disabled. That said, there is nothing in rails that stops you from adding your own javascript validation to direct the user to enter valid values before allowing the submit to finish. -- Steven Critchfield critch-wQLwMjUOumVBDgjK7y7TUQ@public.gmane.org KI4KTY _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
That would be insanely cool. I''m writing these sorts of ''active validators'' by hand right now, and that''s fine.. but I''m a huge fan of reducing the number of maintenance points in an app. Right now, if I rename a database column, I have potentially a dozen places to modify inside the Rails app. Generated Javascript validators would reduce that by at least two.. --Wilson. Marcus Andersson wrote:> Yes, it can be spoofed or disabled. But it can also give rapid feedback > to the user instead of doing the roundtrips around the server. > Validation on the client is a compliment to server validation and the > server validation should never be turned off. > > But it would be very nice if the form helpers could try to generate > javascript validation based on validation rules (validates_xxx methods) > set in the model without having to do anything explicit (except for > passing an option flag or something like that).
+5 Wilson wrote:> That would be insanely cool. > I''m writing these sorts of ''active validators'' by hand right now, and > that''s fine.. but I''m a huge fan of reducing the number of maintenance > points in an app. Right now, if I rename a database column, I have > potentially a dozen places to modify inside the Rails app. Generated > Javascript validators would reduce that by at least two.. > > --Wilson. >_______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
On 7/24/05, David Geary <sabreware-ihVZJaRskl1bRRN4PJnoQQ@public.gmane.org> wrote:> Rails'' validation model is very nice, but AFAICT, there''s zero > support for client-side validation. Are there any plans for adding > client-side validation iun the future?Hey David, I used to miss my client side validation too. However the user experience isn''t really that good, with most of the implementations I''ve used (commons-validator et. al.) The user fills out the form, hits submit and gets a modal dialog telling him ''name is too short''. She hits ok and the dialog is gone, and no indication of what she did wrong. Assuming she remembers it was name that was bad, and that it was too short, she fills it out, hits submit and gets another error, ''age is required''. It''s a bit too much like ''one armed bandit'' UI. press a few buttons, pull a lever "nope", press some other buttons, pull a lever, "nope", press a few other buttons, pull a lever "ding ding ding". We turned off client side validation at the day job(struts-validator), and the users love it. They see all the errors on the page, the fields can be highlighted and the turnaround time isn''t really noticable. Having said that, it shouldn''t be too tough, you can inspect the model and find out what validations apply to a field and add hooks to the forms. Just remember, backwards compatibility is king ;) -- Cheers Koz
You need to look at qForms from pengoworks.com then. It''s an ideal client side validation library. On 7/23/05, Michael Koziarski <koziarski-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On 7/24/05, David Geary <sabreware-ihVZJaRskl1bRRN4PJnoQQ@public.gmane.org> wrote: > > Rails'' validation model is very nice, but AFAICT, there''s zero > > support for client-side validation. Are there any plans for adding > > client-side validation iun the future? > > Hey David, > > I used to miss my client side validation too. However the user > experience isn''t really that good, with most of the implementations > I''ve used (commons-validator et. al.) > > The user fills out the form, hits submit and gets a modal dialog > telling him ''name is too short''. She hits ok and the dialog is gone, > and no indication of what she did wrong. Assuming she remembers it > was name that was bad, and that it was too short, she fills it out, > hits submit and gets another error, ''age is required''. It''s a bit > too much like ''one armed bandit'' UI. press a few buttons, pull a > lever "nope", press some other buttons, pull a lever, "nope", press a > few other buttons, pull a lever "ding ding ding". > > We turned off client side validation at the day job(struts-validator), > and the users love it. They see all the errors on the page, the > fields can be highlighted and the turnaround time isn''t really > noticable. > > Having said that, it shouldn''t be too tough, you can inspect the model > and find out what validations apply to a field and add hooks to the > forms. Just remember, backwards compatibility is king ;) > > > -- > Cheers > > Koz > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-- Marlon "I don''t know where I''m going Only God knows where I''ve been I''m a devil on the run A six gun lover A candle in the wind "
FWIW, ASP.NET has decent JS validation. It''s not cross-browser functional, but it''s probably worth looking at ITO general approach and implementation. ASP.NET has basic validation controls (In Rails they equate to validates_presence_of, validates_format_of, validates_length_of, and a few others) which have server-side and client-side (JS) aspects. If you attach a validator to a text field on the server-side it will include a JS onclick event that calls a master validation JS file (link below). You can even create custom validators (like a credit card syntax validator) that will insert their JS validation (you have to write it) into the page that hooks into the validation mechanism (like content_for_script). If the browser doesn''t like the JS (by failing an initial test), it downgrades gracefully and just POSTs the page back and the server- side validation will return the page with the errors. You can pull the master JS validation file from any ASP.NET site (such as ... asp.net). Most ASP.NET sites use the default path for the validation JS. http://www.asp.net/aspnet_client/system_web/1_1_4322/webuivalidation.js You can read MS''s documentation on ''Client-Side Validation for ASP.NET Server Controls'' http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ vbcon/html/vbconclient-sidevalidation.asp The Mono project may have an implementation that works in more browsers, but I haven''t checked. Finally, ASP.NET 2.0, which is in ''beta'', probably has a better implementation, but I have not looked at it at all. That time has been spent learning a different web framework ;) Having now said all this, the Rails implementation could skip using duplicate JS versions of it''s validators (like ASP.NET) altogether and just implement observe_field hooks. You could set them per-field or globally (i.e. a setting like ActiveRecord::Base.use_clientside_validation). If the browser is not AJAX compliant it could downgrade to the duped JS validation (a stage 1 downgrade) or just POST back. Matt On Jul 23, 2005, at 10:50 PM, Marlon Moyer wrote:> You need to look at qForms from pengoworks.com then. It''s an ideal > client side validation library. > > > On 7/23/05, Michael Koziarski <koziarski-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > >> On 7/24/05, David Geary <sabreware-ihVZJaRskl1bRRN4PJnoQQ@public.gmane.org> wrote: >> >>> Rails'' validation model is very nice, but AFAICT, there''s zero >>> support for client-side validation. Are there any plans for adding >>> client-side validation iun the future? >>> >> >> Hey David, >> >> I used to miss my client side validation too. However the user >> experience isn''t really that good, with most of the implementations >> I''ve used (commons-validator et. al.) >> >> The user fills out the form, hits submit and gets a modal dialog >> telling him ''name is too short''. She hits ok and the dialog is >> gone, >> and no indication of what she did wrong. Assuming she remembers it >> was name that was bad, and that it was too short, she fills it out, >> hits submit and gets another error, ''age is required''. It''s a bit >> too much like ''one armed bandit'' UI. press a few buttons, pull a >> lever "nope", press some other buttons, pull a lever, "nope", >> press a >> few other buttons, pull a lever "ding ding ding". >> >> We turned off client side validation at the day job(struts- >> validator), >> and the users love it. They see all the errors on the page, the >> fields can be highlighted and the turnaround time isn''t really >> noticable. >> >> Having said that, it shouldn''t be too tough, you can inspect the >> model >> and find out what validations apply to a field and add hooks to the >> forms. Just remember, backwards compatibility is king ;) >> >> >> -- >> Cheers >> >> Koz >> _______________________________________________ >> Rails mailing list >> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org >> http://lists.rubyonrails.org/mailman/listinfo/rails >> >> > > > -- > Marlon > > "I don''t know where I''m going > Only God knows where I''ve been > I''m a devil on the run > A six gun lover > A candle in the wind " > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails > >Matt Pelletier pelletierm-A1PILTyJ15gXhy9q4Lf3Ug@public.gmane.org
On Jul 24, 2005, at 4:19 AM, Matt Pelletier wrote:> validates_length_of, and a few others) which have server-side and > client-side (JS) aspects. If you attach a validator to a text field > on the server-side it will include a JS onclick event that calls a > master validation JS file (link below). You can even create custom > validators (like aSorry, I was slightly incorrect. Attaching a validator to a text field doesn''t attach an onclick attribute to the text field (what would be the point), it just adds that field to an array of fields that gets checked during the main JS validation function that is called when you submit the form. Matt> > Matt > > On Jul 23, 2005, at 10:50 PM, Marlon Moyer wrote: > > >> You need to look at qForms from pengoworks.com then. It''s an ideal >> client side validation library. >> >> >> On 7/23/05, Michael Koziarski <koziarski-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: >> >> >>> On 7/24/05, David Geary <sabreware-ihVZJaRskl1bRRN4PJnoQQ@public.gmane.org> wrote: >>> >>> >>>> Rails'' validation model is very nice, but AFAICT, there''s zero >>>> support for client-side validation. Are there any plans for adding >>>> client-side validation iun the future? >>>> >>>> >>> >>> Hey David, >>> >>> I used to miss my client side validation too. However the user >>> experience isn''t really that good, with most of the implementations >>> I''ve used (commons-validator et. al.) >>> >>> The user fills out the form, hits submit and gets a modal dialog >>> telling him ''name is too short''. She hits ok and the dialog is >>> gone, >>> and no indication of what she did wrong. Assuming she >>> remembers it >>> was name that was bad, and that it was too short, she fills it out, >>> hits submit and gets another error, ''age is required''. It''s a bit >>> too much like ''one armed bandit'' UI. press a few buttons, pull a >>> lever "nope", press some other buttons, pull a lever, "nope", >>> press a >>> few other buttons, pull a lever "ding ding ding". >>> >>> We turned off client side validation at the day job(struts- >>> validator), >>> and the users love it. They see all the errors on the page, the >>> fields can be highlighted and the turnaround time isn''t really >>> noticable. >>> >>> Having said that, it shouldn''t be too tough, you can inspect the >>> model >>> and find out what validations apply to a field and add hooks to the >>> forms. Just remember, backwards compatibility is king ;) >>> >>> >>> -- >>> Cheers >>> >>> Koz >>> _______________________________________________ >>> Rails mailing list >>> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org >>> http://lists.rubyonrails.org/mailman/listinfo/rails >>> >>> >>> >> >> >> -- >> Marlon >> >> "I don''t know where I''m going >> Only God knows where I''ve been >> I''m a devil on the run >> A six gun lover >> A candle in the wind " >> _______________________________________________ >> Rails mailing list >> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org >> http://lists.rubyonrails.org/mailman/listinfo/rails >> >> >> > > Matt Pelletier > pelletierm-A1PILTyJ15gXhy9q4Lf3Ug@public.gmane.org > > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails > >Matt Pelletier pelletierm-A1PILTyJ15gXhy9q4Lf3Ug@public.gmane.org
David Geary wrote:> Rails'' validation model is very nice, but AFAICT, there''s zero > support for client-side validation. Are there any plans for adding > client-side validation iun the future?I started implementing a patch for this a while ago, but then got distracted by exams and such. You can find my research patch (which is more a proof-of-concept) here: http://dev.rubyonrails.com/ticket/861 What it basically does is: * adds reflections support for validation, so that you can query which validations are defined for a model * keep track of fields for which input fields have been generated in a view * generate JS validation for these fields Another approach would be to use the AJAX stuff for validation. This has the advantage of not needing to reimplement all validations in javascript. However, it introduces some round-trip. I''m willing to work on this again but some feedback would be helpful. Do people think, the "pure" client-side JS is more useful than some AJAX-validation or vice versa? And is there someone willing to help out with writing the actual javascript validation code? David, I guess this functionality should only be included after 1.0 is out? Sebastian
I think client-side stuff, if added, should not hit the server and should be entirely optional and, preferably, default to ''off'' I''d be more than happy to help out with the JS lib. On Jul 24, 2005, at 6:33 PM, Sebastian Kanthak wrote:> David Geary wrote: > > >> Rails'' validation model is very nice, but AFAICT, there''s zero >> support for client-side validation. Are there any plans for adding >> client-side validation iun the future? >> > > I started implementing a patch for this a while ago, but then got > distracted by exams and such. You can find my research patch (which is > more a proof-of-concept) here: http://dev.rubyonrails.com/ticket/861 > > What it basically does is: > * adds reflections support for validation, so that you can query which > validations are defined for a model > * keep track of fields for which input fields have been generated > in a view > * generate JS validation for these fields > > Another approach would be to use the AJAX stuff for validation. > This has > the advantage of not needing to reimplement all validations in > javascript. However, it introduces some round-trip. > > I''m willing to work on this again but some feedback would be > helpful. Do > people think, the "pure" client-side JS is more useful than some > AJAX-validation or vice versa? And is there someone willing to help > out > with writing the actual javascript validation code? > > David, I guess this functionality should only be included after 1.0 > is out? > > Sebastian > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
On Monday 25 July 2005 00:33, Sebastian Kanthak wrote:> David Geary wrote: > > Rails'' validation model is very nice, but AFAICT, there''s zero > > support for client-side validation. Are there any plans for adding > > client-side validation iun the future? > > I started implementing a patch for this a while ago, but then got > distracted by exams and such. You can find my research patch (which > is more a proof-of-concept) here: > http://dev.rubyonrails.com/ticket/861[snip]> I''m willing to work on this again but some feedback would be helpful. > Do people think, the "pure" client-side JS is more useful than some > AJAX-validation or vice versa? And is there someone willing to help > out with writing the actual javascript validation code?Where possible, I''d like to use continuous client-side validation. That is, the user sees instantly which fields are (in)valid. I''ve got a validator that is entirely declarative as far as connecting validation functions to fields are concerned. See http://www.schuerig.de/michael/javascript/#id2477426 There''s no documentation yet (sigh), but there are unit tests that may help get the gist of how things work. The main idea is to annotate form elements with class attributes that describe their semantics. Therefore I''m using (possibly multiple) class names such as "mandatory", "numeric", "zip". But also more involved stuff such as "validate_different_1" where all fields with this class ("group 1") must have different values. I don''t have, and don''t intend to add, validations based simply on the length of a value. Checks of that kind are semantically impoverished; I want the opposite. Ideally, I would use named validation constraints on the client- as well as the server-side, implemented in JavaScript and Ruby/Rails respectively. Thus, when it comes to reflection on validations, I''m not so much interested in the low-level details of the check, but rather in a high-level name that conveys the meaning. Currently, I''ve got things working from the DB to the browser for NOT NULL columns. I''m using patched abstract/mysql/postgresql_adapters that add ActiveRecord::ConnectionAdapters::Column#is_nullable. Based on this, validates_presence_of_mandatory_properties expands to individual validates_presence_of validations. When generating the HTML, extended versions of ActionView::Helpers::InstanceTag#tag/#content_tag take into account whether the property in question is mandatory and add the "mandatory" class behind the scenes. Below is some of the code. Michael require ''active_record/validations'' module BoilerPlate # :nodoc: module RailsExtensions # :nodoc: module Validations # :nodoc: def self.append_features(base) super base.extend(ClassMethods) end module ClassMethods # Validates the presence of attributes and associations # where, according to database metadata, the corresponding # column must not be +null+. def validates_presence_of_mandatory_properties validates_presence_of(*mandatory_properties) end def is_mandatory_property?(column_name) column_name = column_name.without_suffix(''_id'') mandatory_macro = reflect_on_validations_for(column_name).find do |macro| macro.macro == :validates_presence_of end !mandatory_macro.nil? end def mandatory_properties return @mandatory_properties if @mandatory_properties @mandatory_properties = [] all_content_columns.find_all { |col| !col.is_nullable }.each do |col| @mandatory_properties << col.name.without_suffix(''_id'') unless col.name == ''id'' end @mandatory_properties end end end end end require ''active_record/base'' module BoilerPlate # :nodoc: module RailsExtensions # :nodoc: module ColumnsExtensions # :nodoc: def self.append_features(base) super base.extend(ClassMethods) end module ClassMethods def all_content_columns return @all_content_columns if @all_content_columns @all_content_columns content_columns.reject { |c| c.name == ''lock_version'' } + association_columns end def association_columns # Gaaah, this hurts. # Did I not look hard enough or is it really not there in Rails? assocs = reflect_on_all_associations return [] unless assocs assoc_columns = [] assocs.each do |assoc| next unless assoc.macro == :belongs_to name = assoc.options[:foreign_key] if name.nil? name = Inflector.underscore(assoc.options[:class_name] || assoc.name).foreign_key end assoc_columns << name end assoc_columns.map { |ac| columns.find { |c| c.name == ac } } end end end end end require ''action_view/helpers/form_helper'' module ActionView # :nodoc: module Helpers # :nodoc: class InstanceTag # :nodoc: alias_method :tag_without_mandatory, :tag def tag(name, options = {}) if is_mandatory tag_without_mandatory(name, add_class_name!(options, ''mandatory'')) else tag_without_mandatory(name, options) end end alias_method :content_tag_without_mandatory, :content_tag def content_tag(name, content, options = {}) if is_mandatory content_tag_without_mandatory(name, content, add_class_name!(options, ''mandatory'')) else content_tag_without_mandatory(name, content, options) end end private def is_mandatory return false unless method_name return false unless object.class.respond_to? (''is_mandatory_property?'') object.class.is_mandatory_property?(method_name) end def add_class_name!(options, className) options = options.stringify_keys classNames = options[''class''] if classNames.blank? classNames = className else classNames += '' '' + className unless classNames.include? (className) end options[''class''] = classNames options end end end end -- Michael Schuerig You can twist perceptions mailto:michael-q5aiKMLteq4b1SvskN2V4Q@public.gmane.org Reality won''t budge http://www.schuerig.de/michael/ --Rush, Show Don''t Tell