-
Notifications
You must be signed in to change notification settings - Fork 576
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change validation to consider the empty string a valid value #1482
Conversation
This appears to be the default assumption of our users. The empty string can now be validated with regexes and other checks. Additionally non-browser users and form elements without any value at all can now be considered during validation.
Calling for a vote @mojolicious/core. |
To be more precise, this is about the case where you have a query string like |
I actually ran into this in os-autoinst/openQA#2812 where we have an API which accepts an optional parameter that must be numeric or empty. If the empty string is given, the value is cleared. Other values can be updated without changing or clearing said value, however - so empty is not the same as undefined. I actually defined it as |
Can't make up my mind if this is better or not. Going to have to vote neutral. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks sane to me 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am voting neutral. I think it would be good to provide more flexibility by doing this, but also I'm not sure about the implications for day-to-day use with forms as submitted by browsers.
tl;dr Voting yes It seems to trip new users up quite a bit. Perhaps it is because it looks like you are asserting whether the topic has to be part of the input or can be omitted, but it is actually considering the value as well (which is really what the checks are for). This change introduces a clearer separation between "is the topic in the input" and "does the value of the topic meet this criteria" (e.g. is not an empty string). It also makes using Mojolicious::Validator nicer to use outside of validating web forms (like validating CSV files from crazy systems that have unstable headers!) where an empty string in a required topic is valid. Any code currently using My vote is yes because having |
I was going to vote neutral, but @CandyAngel 's argument persuaded me. Voting yes (👍 ) |
Doesn't this get messy as an interface when you have an optional value that is allowed to be the empty string, but if it is not then extra requirement. Seems messy if everything then has to go though regex I agree on the old setup optional('field') -> size(3,10) was annoying because field was undef it it had no value, but the requirement worked if the field had a value. |
This explicitely allows optional parameters to be empty when saving needles. The code handles the case when one or all of these parameters are empty just fine. This change merely restores the old behavior before Mojolicious change mojolicious/mojo#1482 was introduced.
This explicitely allows optional parameters to be empty when saving needles. The code handles the case when one or all of these parameters are empty just fine. This change merely restores the old behavior before Mojolicious change mojolicious/mojo#1482 was introduced.
I agree with daleif. How do I handle the case that e.g. I expect an optional number. The browser always transmits an empty input field as empty string. In this minimal example I always get has_error for an optional param. That doesn't seem right.
|
@tim-2 That case could probably only be handled with another alternative to |
Would it even be possible to do chaining in the case where the value can either be empty or need to match conditions? I had to change mine into
which works but is perhaps not elegant. |
There should probably be something like |
Yes, this would be a nice solution. |
We can actually resolve this with a new filter. f410199...c0347bd |
So just returning (one question, not 100% related, are a check allowed to change the value passed on? I had a check that verifies a date (input via a string like 2020-03-21) and it seemed convenient to just replace the input with the generated DateTime object) |
Checks don't change the value, but filters can. You can try to convert it to an object in a filter and then check it is of that object. I do this but with Time::Piece and strptime.
|
@CandyAngel thanks, that might be a better solution I guess the answer should be: checks should not change the value, but filters can. it is not too hard changing the value in a check (as I just did ;-), but one probably should not. |
I for one does did not expect the empty string to now be valid under As a new user I would appreciate if in the documentation Just updated my mojolicious installation and spent an hour debugging my form validation and could not figure out why the empty string no longer triggered the As it sits now, what is the Can a normal form validation even trigger the |
This is what I was thinking of when I said:
What I meant by "already flawed" was by not doing any additional checks that should make an empty string fail anyway, such as
No, because that is what |
I still think it is best to explicitly specify this in the docs to avoid confusion. Granted I have not checked many other validation frameworks, but those I had come by trigger required on empty input. |
Additionally the
here
but here is passes.
|
But Looks like you really want: EDIT #1: Clarified and added context |
This appears to be the default assumption of our users. The empty
string can now be validated with regexes and other checks.
Additionally non-browser users and form elements without any value
at all can now be considered during validation.