- From: Greg Kilwein <gkilwein@fbsdata.com>
- Date: Mon, 13 Dec 2004 16:04:49 -0600
dolphinling wrote: > Ian Hickson wrote: > >> On Sun, 12 Dec 2004, Ben Meadowcroft wrote: >> >>>>> I don't feel like doing a detailed readthrough of the spec again >>>>> (though I did glance at parts that looked relevant), but is there >>>>> anything in WF2 that allows only parts of a form that have changed >>>>> from their default value to be submitted? >>>> >>>> >>>> There isn't; what would the use case be? >>> >>> >>> Seriously though I recently had to frig this by adding hidden form >>> elements using Javascript to the form on an onchange handler >>> indicating when a field had been changed so you don't have to do >>> lookups on the backend data first to decide if there has been a >>> change or not. >> >> >> >> Be very careful with this -- you should always assume that the >> client-provided data is hostile, and not trusted. > > > Once again, if the data's not submitted, it can't be hostile. Yes, it can be, say, on a required field on a form. >> It's quite possible that the field changed while the page was being >> shown to the user, though, for example if the user loaded the page >> twice, modified the pages differently, and then submitted both, or if >> two users did the same thing (unknowingly). > > > Collision detection can fix this--and should probably be used anyway, > since it's just as likely that a collision will mess up the data if > all fields are submitted. > >> (Note that there is also the problem of how to handle checkboxes that >> I mentioned earlier. Any proposal for how to handle this would have >> to address that issue first.) > > > Which problem is this? > When a checkbox is not checked, the UA does not submit the value of the checkbox with the form. Therefore, how is the server supposed to differentiate between when the checkbox has been unchecked by the user and when the UA is not submitting it because the field has not changed? This also creates other problems. Given a situation where a user is editing a "comments" textarea, assume the user wants to erase the comments. How can the server differentiate between the user legitimately erasing the comments and the UA not submitting it because the field has not changed?
Received on Monday, 13 December 2004 14:04:49 UTC