[Html-widget] when to run filters. WAS: file uploads and
element_type combined patch
Carl Franks
fireartist at gmail.com
Wed Nov 29 17:12:28 GMT 2006
I'm wondering if the current behaviour of filters is wrong.
Currently, if a submitted form contains errors, and you send it back
to the user with $result->as_xml(), the form field values contain the
user's input /after/ the filters have been run.
This is very likely the wrong behaviour, when filters such as
HTMLEscape are taken into account.
I think that the raw user input should be sent back in $result->as_xml(),
and the output of the filters should only be accessible through
$result->param() or $resul->params().
This would also have the side effect that we wouldn't have to worry
about filters causing fatal errors during $widget->process(), as the
filters wouldn't have to be run until the first call of
$result->param() or params().
We could also provide a $result->run_filters() method, which you could
call yourself so that you can handle any possible errors, if you
anticipate your filters causing any.
Any opinions?
Carl
More information about the Html-widget
mailing list