[whatwg] Any way to submit only those parts of a form that havechanged?
gkilwein at fbsdata.com
Mon Dec 13 14:04:49 PST 2004
> Ian Hickson wrote:
>> On Sun, 12 Dec 2004, Ben Meadowcroft wrote:
>>>>> I don't feel like doing a detailed readthrough of the spec again
>>>>> (though I did glance at parts that looked relevant), but is there
>>>>> anything in WF2 that allows only parts of a form that have changed
>>>>> from their default value to be submitted?
>>>> There isn't; what would the use case be?
>>> Seriously though I recently had to frig this by adding hidden form
>>> indicating when a field had been changed so you don't have to do
>>> lookups on the backend data first to decide if there has been a
>>> change or not.
>> Be very careful with this -- you should always assume that the
>> client-provided data is hostile, and not trusted.
> Once again, if the data's not submitted, it can't be hostile.
Yes, it can be, say, on a required field on a form.
>> It's quite possible that the field changed while the page was being
>> shown to the user, though, for example if the user loaded the page
>> twice, modified the pages differently, and then submitted both, or if
>> two users did the same thing (unknowingly).
> Collision detection can fix this--and should probably be used anyway,
> since it's just as likely that a collision will mess up the data if
> all fields are submitted.
>> (Note that there is also the problem of how to handle checkboxes that
>> I mentioned earlier. Any proposal for how to handle this would have
>> to address that issue first.)
> Which problem is this?
When a checkbox is not checked, the UA does not submit the value of the
checkbox with the form. Therefore, how is the server supposed to
differentiate between when the checkbox has been unchecked by the user
and when the UA is not submitting it because the field has not changed?
This also creates other problems. Given a situation where a user is
editing a "comments" textarea, assume the user wants to erase the
comments. How can the server differentiate between the user
legitimately erasing the comments and the UA not submitting it because
the field has not changed?
More information about the whatwg