On 9/22/05, Kieren Diment <[EMAIL PROTECTED]> wrote:
>
> On 22 Sep 2005, at 21:10, David Baird wrote:
>
> > On 9/22/05, Aaron Trevena <[EMAIL PROTECTED]> wrote:
> >
> >> On 9/22/05, David Baird <[EMAIL PROTECTED]> wrote:
> >>
> >>> I'm still not clear about the case where a form submission
> >>> includes no mention of a field, for instance a select dropdown
> >>> where you don't select anything.
> >>> I think in that case, the form does not even submit
> >>> an empty field - it omits the field entirely from the submission. I
> >>> guess I need to write a test.
> >>>
> >>
> >> I think it should submit the form with no value for that field.
> >
> > I mean, the browser omits the field entirely. What I want to test is
> > how a CGI::Untaint handler behaves when you ask it to untaint a key
> > that isn't even in the submitted data.
>
> The tests required are:
>
> 1. When a dropdown has a null value. In this case parameter should
>    be present with a value of undef.
> 2. When a /(multi)?select/ has a null value. In this case the
>    browser request omits the parameter.
> 3. When a checkbox has a null value. In this case the browser
>    request omits the parameter.
> 4. A /text(area)?/ is null. parameter == undef
> 5. Submits also seem to provide an undef value to the browser.
>
> For cases 1 and 4, the absence of a parameter in the browser request
> probably means that someone's doing something suspicious with your form.
>
> Sorry I'm not in a position to write the tests myself at the moment.
>

That's a useful summary. Note though that CGI::Untaint has no
knowledge of what field type maps to what field, so we're looking at
an extra layer of validation.

d.

_______________________________________________
Maypole-devel mailing list
https://lists.sourceforge.net/lists/listinfo/maypole-devel
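
The extra validation layer discussed in this thread, sketched as an added example (not code from the thread, Maypole or CGI::Untaint): a field-kind map decides whether a key missing from the submission is a normal browser omission or worth flagging. `%FIELD_KIND`, `%ALWAYS_SENT` and `check_presence` are hypothetical names, the sample submission is constructed, and the presence rules are the ones listed in the quoted message.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not Maypole or CGI::Untaint code. All names below are
# hypothetical; the presence rules follow the five cases in the thread.

# Kinds for which the thread expects the key to be present even when empty.
my %ALWAYS_SENT = map { $_ => 1 } qw(dropdown text textarea submit);

# Hypothetical form description: field name => kind of control.
my %FIELD_KIND = (
    title    => 'text',
    body     => 'textarea',
    category => 'dropdown',
    tags     => 'multiselect',
    public   => 'checkbox',
    save     => 'submit',
);

# Classify every declared field of a submission (hashref of raw params).
# Returns a hashref: field => 'ok' | 'empty' | 'omitted' | 'suspicious'.
sub check_presence {
    my ($params, $kinds) = @_;
    my %result;
    for my $field (sort keys %$kinds) {
        if (!exists $params->{$field}) {
            # exists(), not defined(): an absent key and an empty value differ.
            $result{$field} =
                $ALWAYS_SENT{ $kinds->{$field} } ? 'suspicious' : 'omitted';
        }
        elsif (!defined $params->{$field} || $params->{$field} eq '') {
            $result{$field} = 'empty';
        }
        else {
            $result{$field} = 'ok';
        }
    }
    return \%result;
}

# Constructed sample: "body" is missing, "tags" and "public" were left unselected.
my %submitted = (title => 'Hello', category => undef, save => 'Save');

my $report = check_presence(\%submitted, \%FIELD_KIND);
printf "%-9s %-12s %s\n", $_, $FIELD_KIND{$_}, $report->{$_}
    for sort keys %$report;
```

Running the check before untainting means a handler is only asked for keys whose absence has already been classified.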
