[whatwg] substantive comment on Web Forms 2.0, and suggestion
Andrew Hagen
xah at myrealbox.com
Wed Jul 7 14:07:46 PDT 2004
Hello,
I have a comment and a suggestion for Web Forms 2.0 below.
I think Web Forms 2.0 is great. The best part is that it builds on
HTML forms. It makes it easier for a web designer to validate form
input data for sanity and without lots of Javascript.
While Opera, Mozilla and other browsers will implement support,
clearly, IE will not add support for Web Forms 2.0. This leads me to
my concern.
Let's say Web Forms 2.0 is released, browsers support it, and lots of
web developers implement web pages using the new technology.
Nothing would prevent a user with IE from finding such a form and
entering data into the form with his browser. He can even submit the
data with IE. This will give IE the ability to send bad data (not
validated) to the server. To prevent the bad data,a separate program
would be needed to validate the data on the server end.
That need for another program would defeat the purpose of Web Forms
2.0, which is to validate the data on the client end (with the web
browser), so that it doesn't have to be validated on the server end
or with Javascript.
I would like to see another attribute that could be optionally added
to the form tag in Web Forms 2.0. This element would be something
like
webformsver
The attribute would take a numeric value.
If a Web Forms 2.0-enabled browser web form sees that attribute in a
form tag, it should send an additional data packet when it submits
data. That data packet should be standardized to some kind of unique
value like:
webformsverokay=2
The data packet would be slightly different from the attribute
(webformsver) so if IE just sends everything in the form tag to the
server, the server can still tell whether the data came from a Web
Forms 2.0-enabled browser or not.
That would make it easy on the server end. All they would have to do
is look for a "webformsverokay=2" in the submitted data, for example,
and if they find it, the data is known to have been validated. If
they don't find it, the data can be rejected as not validated, which
would be the same as saying it comes from an obsolete browser.
I may be over my head here. If this has been a waste of time for you,
I truly apologize. I tried to figure out whether this makes sense or
not, but I'm not really sure.
You guys are doing a great job with Web Forms. I'm really looking
forward to all the things that the WHATWG is doing.
Regards,
Andrew Hagen
xah at myrealbox.com
More information about the whatwg
mailing list