How do I prevent form resubmission on refresh? - orchardcms

I found that refreshing a submitted form results in processing the form data again. In some other CMSs I've used, repeated submission pops up a warning (e.g. "You have already submitted this form, are you sure you want to submit it again?").
What's the right way to address such cases in Orchard? I.e. prevent repeated processing of form contents, and/or warn about repeated submission.

#BertrandLeRoy confirms that redirect after submission is the correct way to handle this case in Orchard. Thanks!

Related

XPage SSJS validateExpression caching previous values

I have a simple user registration form which needs to check if the email address already exists. It initially works when I hit the Submit button, e.g. if I enter an existing mail address I get the error, but if I then modify the address to a non-existent one it takes one or two more submits before passing validation. So it seems there is some caching going on somewhere.
I have an isExistingUser function in an SSJS library which simply looks up to the $Users view in the Directory and returns a boolean. Then the XPage source is as follows:
<xp:validateExpression>
<xp:this.message><![CDATA[This user already exists!]]></xp:this.message>
<xp:this.expression><![CDATA[#{javascript:var em = getComponent("inputEM").getValue();return isExistingUser(em)}]]>
</xp:this.expression>
</xp:validateExpression>
How do I force this to work correctly on every submit, i.e. clear any previous values from memory/cache? Many thanks
Use getComponent("inputEM").getSubmittedValue() - or even better: use the data source to get the contents of inputEM, such as document.getValue("inputEM").

Xpages - blank fields overwritten with value saved in document if validation fails

I'm making an XPages application which needs to have server-side validation.
In my form, when a field is cleared and the form submitted - if there is another field which causes the validation to fail - it will be repopulated with the last successfully saved value in the document.
This is not what should happen. The field should stay blank until the page is either refreshed, or the user enters another value.
Does anyone have any idea about what is causing this to happen?
Thanks,
Paul
This depends on your execId and refreshId.
For what happens during partial refresh, read these blog posts, particularly part three http://www.intec.co.uk/tag/partial-refresh/.
If validation (or conversion) fails server-side, the server-side map of the XPage is not updated because the data is not deemed complete enough for server-side processing.
So the partial refresh skips to Render Response, which posts back what HTML should be displayed to the page. That includes values in fields - you're replacing HTML, so it has to.
If your save button is refreshing the form area, you'll be replacing the HTML there, so overwriting the values entered by the user with the last valid values.
The recommended approach will depend on your page architecture and what you're saving. One is to move validation to the save() function, by which time the values will have been updated in the DominoDocument (the front-end wrapper for the Document on the server). Another is to only refresh the validation area and, if validation was successful, call context.reloadPage() or context.redirectToPage() to effectively skip the partial refresh.
Thanks for the help. As far as I can tell, it was simply due to the way the default converter included with XPages handles the object and/or string. Writing a Java custom converter sorted everything out.

Delaying JSF form validation

In my JSF-based web application I have a large number of UI input fields on the forms. I try to save the data into managed beans (and propagate it to the database) by submitting the form via ajax calls while the user is still entering the data on the form. When I have validation errors on the page, the ajax submit fails to save data to the backend. The usual validation error is required validation on the input fields. This is an annoying issue for me, since if the validation of the 50th input field fails, the data entered in the first field is also not saved.
In all of our UI forms we have a summary page where we show the user-entered data before allowing the user to submit the form. What I would like to know is whether it is possible to delay the form data validations until the user goes to the summary page. On the summary page I want to either display the validation errors or display the read-only version of the data. Has anybody encountered this situation or found a solution to this kind of problem?

Do lots of fields cause a partial refresh to be slow?

I have a lot of fields on a form. Not exactly sure how many but it has to be close to 100, if not over.
I have a change event of one field doing a partial refresh of a computed field with the following formula.
return document1.getItemValueString("txtCustomScore");
txtCustomScore is the field that has the event.
It takes 3-4 seconds to update this field. Are all of those other fields somehow affecting how long it takes to refresh this field? It is taking 3-4 seconds.
I even tried getValue instead of getItemValueString. As suggested in this thread:
Setting a document field with replaceItemValue from a rich text control?
But it still takes 3-4 seconds to update the computed field.
Is there any way to fix this other than eliminating fields from the form?
Yes it does. Even for a partial refresh all component values get evaluated and the server side result tree is built. As Tommy suggested, partial execution mode might be your answer.
I strongly encourage you to watch the XPages Masterclass Video Series 1 (See: http://tonymcguckin.wordpress.com/2013/04/22/xpages-masterclass-series-1/).
From this you will then be able to introspect the XPages Request Processing Lifecycle phases and Profile your application. This will uncover the exact reasons behind the processing cost.

Should I sanitize user input upon 'before_validate' or 'before_save'?

If I receive user input, does it make any difference if I validate first and then sanitize before saving it to the database?
Or is there any risk in validating unsanitized input?
(when I say 'sanitize' I mainly mean stripping out any HTML tags)
UPDATE & CLARIFICATION:
I wouldn't put HTML tags into the database. I would sanitize the input before saving it - but after validating against my model. The reason the validation and sanitization are separate is because they are separate libraries - the only question is whether I should call 'sanitize' upon 'before_validate' or upon 'before_save'.
The only risk I can think of is if you are performing extensive client-side validation. If you were validating and then spitting the values back onto the page in your error messages then you could have an issue.
For example, if you have a textbox that has to only contain numbers and a user enters a letter in that textbox. If your client side script generates an error message like " 'somevalue' is an invalid value for this textbox ", then you are injecting whatever the user has entered into the box back onto the page. Either way, it will only affect that user's session.
Why are you separating HTML stripping (or escaping) from other validation? Isn't it all the same thing?
And why would you put HTML tags into the database only to strip them later? Doesn't that mean that your database is temporarily incorrect?
I don't see why you're separating "validation" from "sanitize". They're two sides of the same coin. Do everything you can to make sure the data is perfect before committing it to the database.
"the only question is whether I should call 'sanitize' upon 'before_validate' or upon 'before_save'."
The distinction is too subtle for words. You must do both. Generally, you do not want to try and validate HTML.
Therefore, it's only sensible if you (1) "sanitize" to strip HTML tags and then (2) validate what's left.
I'm not sure how else you could do it.
ALWAYS validate and sanitize before submitting to the database. Without doing so, you could expose your database to SQL injection attacks.
What order you do so depends on what you want your user experience to be. If you validate first, then you could provide validation back to the user more easily. (You could use JavaScript and regular expressions to do this.)
Required xkcd cartoon:
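
The ordering question from the sanitize/validate thread above, worked through as an added example (not code from any of the posters): it runs the same two inputs through both orders. `strip_tags` is a simplified stand-in for a real sanitizer library, and the 3..20 character name rule and the sample inputs are assumptions constructed for the illustration.

```ruby
require "cgi"

# Simplified stand-in for a real HTML sanitizer library (assumption): removes
# anything shaped like a tag and trims whitespace. Not a robust sanitizer.
def strip_tags(text)
  text.gsub(/<[^>]*>/, "").strip
end

# Hypothetical model rule: a display name must be 3..20 characters long.
def validation_errors(name)
  return ["name is too short"] if name.length < 3
  return ["name is too long"] if name.length > 20
  []
end

# Order A: validate the raw input, sanitize just before saving.
def validate_then_sanitize(raw)
  errors = validation_errors(raw)
  { saved: errors.empty? ? strip_tags(raw) : nil, errors: errors }
end

# Order B: sanitize first, then validate exactly what will be stored.
def sanitize_then_validate(raw)
  clean = strip_tags(raw)
  errors = validation_errors(clean)
  { saved: errors.empty? ? clean : nil, errors: errors }
end

# An error message that echoes the input is escaped at output time,
# independent of the order chosen above.
def error_message(raw)
  "'#{CGI.escapeHTML(raw)}' is an invalid value for this textbox"
end

# Constructed sample inputs.
MARKUP_ONLY = "<b><i></i></b>"               # 14 chars raw, empty once stripped
WRAPPED     = "<strong>Alice Smith</strong>" # 28 chars raw, 11 once stripped

if __FILE__ == $PROGRAM_NAME
  [MARKUP_ONLY, WRAPPED].each do |raw|
    puts "input:                  #{raw.inspect}"
    puts "validate then sanitize: #{validate_then_sanitize(raw)}"
    puts "sanitize then validate: #{sanitize_then_validate(raw)}"
  end
  puts error_message("<script>x</script>")
end
```

Validating first stores an empty name for the markup-only input and rejects the wrapped name that would have been valid once stripped; sanitizing first makes the validated value and the stored value the same string.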
