[whatwg] substantive comment on Web Forms 2.0, and suggestion

Andrew Hagen xah at myrealbox.com
Wed Jul 7 14:07:46 PDT 2004


I have a comment and a suggestion for Web Forms 2.0 below.

I think Web Forms 2.0 is great. The best part is that it builds on 
HTML forms. It makes it easier for a web designer to validate form 
input data for sanity and without lots of JavaScript.

While Opera, Mozilla and other browsers will implement support, 
clearly, IE will not add support for Web Forms 2.0. This leads me to 
my concern.

Let's say Web Forms 2.0 is released, browsers support it, and lots of 
web developers implement web pages using the new technology.

Nothing would prevent a user with IE from finding such a form and 
entering data into the form with his browser. He can even submit the 
data with IE. This will give IE the ability to send bad data (not 
validated) to the server. To prevent the bad data, a separate program 
would be needed to validate the data on the server end. 

That need for another program would defeat the purpose of Web Forms 
2.0, which is to validate the data on the client end (with the web 
browser), so that it doesn't have to be validated on the server end 
or with JavaScript.

I would like to see another attribute that could be optionally added 
to the form tag in Web Forms 2.0. This element would be something 


The attribute would take a numeric value.

If a Web Forms 2.0-enabled browser web form sees that attribute in a 
form tag, it should send an additional data packet when it submits 
data. That data packet should be standardized to some kind of unique 
value like:


The data packet would be slightly different from the attribute 
(webformsver) so if IE just sends everything in the form tag to the 
server, the server can still tell whether the data came from a Web 
Forms 2.0-enabled browser or not.

That would make it easy on the server end. All they would have to do 
is look for a "webformsverokay=2" in the submitted data, for example, 
and if they find it, the data is known to have been validated. If 
they don't find it, the data can be rejected as not validated, which 
would be the same as saying it comes from an obsolete browser.

I may be over my head here. If this has been a waste of time for you, 
I truly apologize. I tried to figure out whether this makes sense or 
not, but I'm not really sure.

You guys are doing a great job with Web Forms. I'm really looking 
forward to all the things that the WHATWG is doing.


Andrew Hagen
xah at myrealbox.com
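
Added example, not part of the original message: a server-side handler for the `webformsverokay=2` marker described above. The marker arrives as an ordinary submitted field that any client can include, so the handler records it as a claim and still runs its own checks. The `email` and `age` fields and their rules are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

# Hypothetical form: a required "email" field and an "age" field (integer 0-150).
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
AGE_RE = re.compile(r"[0-9]{1,3}")


def check_submission(body):
    """Return (claims_client_validation, errors) for a urlencoded form body."""
    fields = parse_qs(body, keep_blank_values=True)

    def first(name):
        # First submitted value for a field, or "" when the field is absent.
        return fields.get(name, [""])[0]

    # The marker from the message. It is client-supplied like every other
    # field, so it is kept as a claim and never used to skip the checks below.
    claims = first("webformsverokay") == "2"

    errors = []
    if not EMAIL_RE.match(first("email")):
        errors.append("email: not a valid address")
    age = first("age")
    if not AGE_RE.fullmatch(age) or int(age) > 150:
        errors.append("age: must be an integer from 0 to 150")
    return claims, errors


# Constructed sample request bodies.
MARKED_BUT_BAD = "email=not-an-address&age=999&webformsverokay=2"
UNMARKED_BUT_GOOD = "email=user%40example.org&age=30"

if __name__ == "__main__":
    for body in (MARKED_BUT_BAD, UNMARKED_BUT_GOOD):
        claims, errors = check_submission(body)
        verdict = "rejected" if errors else "accepted"
        print(f"{body!r}: marker={claims} -> {verdict} {errors}")
```

The first body carries the marker and is rejected; the second lacks it and is accepted, because the decision rests only on the server's own checks.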
