[Catalyst] XSD Validation of Forms
Alejandro Imass
alejandro.imass at gmail.com
Thu Aug 13 15:11:44 GMT 2009
Ok, this is what I do, so to spark some ideas. I can't disclose many
details because of legal issues but generally speaking....
XXXLIB is a special module (can't disclose it's name) where all the
XML stuff is done. It uses LibXML as backend (gnome libxml2 via XS).
xxxapp is the app name
xxx_xsd is the XSD file
1) Figure out if the request is HTML or XML. Note XHTML is considered as HTML.
sub xxxmethod : Local {
my ( $self, $c ) = @_;
# figure out request type (html | xml)
$c->forward('get_req_type');
# xml lib object
my $dx = xxxapp::Controller::Util::XXXLIB->new(
encoding => $c->stash->{encoding},
schema => $c->config->{root}.$c->config->{xxx_xsd},
);
2) Process the request data. If it's XML is goes directly. If it's
HTML is goes through an HTML param to XML conversion. Perhaps by using
XFORMS and making XHTML mandatory I could have simplified the code
even more.
# process request data
my $req_data = undef;
# these couple of methods validate xml using the xsd
# xml request is processed directly by the xml parser
if($c->stash->{xmlreq}) {
$req_data = $dx->process_omreq_xml($c->req->body,'xxxmethod');
}
# html request is converted into equivalent xml
else{
# transforms params into a simple xml
$req_data = $dx->process_omreq_html($c->req->params,'xxxmethod');
}
# data did not pass check
unless($req_data){
$c->stash->{error} = $dx->{error};
# code injection check
unless($dx->{inject}){
$c->stash->{form_action} = $c->request->base.'xxxcont/xxxmethod';
$c->detach('exception/omx/0');
}
else{
$c->stash->{form_action} = '';
$c->detach('exception/sys/1');
}
}
3) From here on $req_data is a normalized hash... and that's it!
[snip]
} # end of controller method
sub get_req_type : Private {
my ( $self, $c ) = @_;
my $encoding = $c->req->content_encoding;
# assume UTF-8 if not specified (application/x-www-form-urlencoded)
$c->stash->{encoding} = $encoding ? $encoding : 'UTF-8';
$c->stash->{xmlreq} = undef;
my $ct = $c->req->content_type;
# XML Request
if($ct =~ m/text\/xml/i){
my $dx = cqridmp::Controller::Util::XXXLIB->new(encoding =>
$c->stash->{encoding});
my $dom = $dx->slurp_file($c->req->body);
my $root = $dom->documentElement;
#XHTML is HTML
unless($root->nodeName =~ /.*html.*/i){
$c->stash->{xmlreq} = 1;
}
}
}
On Tue, Aug 11, 2009 at 8:36 PM, Chris<hutchinson.chris at gmail.com> wrote:
>> My comment was perhaps more oriented to using a common declarative
>> validation idiom such as an xml schema because with this particular
>> project, I found myself maintaining FormBuilder YAML files and XSDs.
>> Then I decided to convert HTML to XML and use the common XSD for both.
>> Since most decent XML parsers already perform the validation, and they
>> are usually quite fast, I thought that perhaps something similar to
>> the FormBuilder plug-in could be built that used an XML approach.
>>
>
> I like the idea of a single 'base format' which can be used to drive
> the validation and the form layout too.
>
> Is your scheme a format which, when rendered as html, defines the form
> and, when parsed appropriately, provides the form validation too?
>
> As in:
> <form>
> <input type="text" id="abc" format="integer" /><br />
> <input type="submit" />
> </form>
>
> - Chris
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
More information about the Catalyst
mailing list