After pondering this awhile I'm starting to think we should drop the feature.
The use case can be
solved in a more direct way which doesn't raise the security concerns. For
example:
Submit submit = new Submit("done", this, "onSubmit");
public void onInit() {
// We want to check if submit was clicked in onInit, so we do an explicit bind
ClickUtils.bind(submit);
if( ! submit.isClicked()) {
// If Submit was not Clicked (ie. a JS submit), switch off validation
form.setValidate(false);
}
// onSubmit is only called if Submit was Clicked and validation is on
public boolean onSubmit() {
if(form.isValid() {
// do stuff
}
}
Thoughs?
Kind regards
Bob
On 13/11/2010 17:44, Bob Schellink wrote:
> On 11/11/2010 10:31, Bob Schellink wrote:
>> Hi Lorenzo,
>>
>> The proposed fix can be found here:
>>
>> http://markmail.org/message/2slptgc6uhb7xpte
>
>
> Maybe we should align with HTML 5 a bit on this. HTML5 has a novalidate
> attribute allowing
> client-side validation can be skipped. Maybe we should use
> "novalidate_server" to differentiate?
>
> Bob
>
>
