Joomla! Issue Tracker | Joomla! CMS #30461 - [4.0] client side form validation

No Code Attached Yet

Closed
2 Feb 2022
Medium
Build: staging
# 30461

brianteeman
24 Aug 2020

In order to have client side validation on a form there are three steps

JHtml::_('behavior.formvalidator') on the form
<form class="form-validate"> on the form
class="validate-password" on the field

In J4 with the introduction of the asset manager we now sometimes see that behavior.formvalidator has been replaced with

/** @var Joomla\CMS\WebAsset\WebAssetManager $wa */
$wa = $this->document->getWebAssetManager();
$wa->useScript('form.validate');

A quick check shows that its about 50/50 which version is used. Shouldn't we just use the same code everywhere?

This is completing ignoring the fact that 90% of the forms do not use any client side validation at all so don't need to load any js or have a form class

cc @zero-24 @wilsonge

brianteeman - open - 24 Aug 2020

joomla-cms-bot - change - 24 Aug 2020

Labels

Added: ?

joomla-cms-bot - labeled - 24 Aug 2020

zero-24 - comment - 24 Aug 2020

I can not help on what JS solution is the correct one. I guess this is up to the JS people to discuss. ;)

brianteeman - comment - 24 Aug 2020

Should there just be one method used - if so which one
Instead of blindly adding it to every form should it not be used just on the forms where there are fields being validated (a very small %)

Do we even need this client side javascript validation at all. Can it not be simply replaced with html5 validation and patterns.

There are only 9 forms that have a field being validated client side by this script. Even though there are about 70 forms which load the js

SharkyKZ - comment - 24 Aug 2020

Use asset manager. JHtml::_('behavior.formvalidator') is now a proxy to it:

joomla-cms/libraries/src/HTML/Helpers/Behavior.php

Lines 60 to 71 in 628eafd

    
           public static function formvalidator() 
        
           { 
        
           	// Only load once 
        
           	if (isset(static::$loaded[__METHOD__])) 
        
           	{ 
        
           		return; 
        
           	} 
        
           	Factory::getDocument()->getWebAssetManager()->useScript('form.validate'); 
        
           	static::$loaded[__METHOD__] = true; 
        
           }

brianteeman - comment - 24 Aug 2020

That answers part of the question

jiweigert - comment - 24 Aug 2020

I'm with Brian on "Can it not be simply replaced with html5 validation and patterns."
My 2c...

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30461.}

dgrammatiko - comment - 26 Aug 2020

I'm gonna shamelessly point out Formally here: https://formally-valid.info/

brianteeman - comment - 26 Aug 2020

Why wrap html5 validation in js - I must be missing something

dgrammatiko - comment - 26 Aug 2020

I must be missing something

At least:

to provide translated messages
to provide customised messages
to have better control on the styles

but the list is way bigger...
If you've ever used it then you'd probably knew the weak points, it's not perfect

brianteeman - comment - 26 Aug 2020

tbh i am more concerned with the pointless and misleading way it is currently addressed in core by loading validation everywhere when there is nothing to validate

dgrammatiko - comment - 31 Aug 2020

tbh i am more concerned with the pointless and misleading way it is currently addressed in core by loading validation everywhere when there is nothing to validate

FWIW when I introduced the pattern in the validation script the idea was to use it in every form field. Of course, that was a massive workload and I never came around doing the countless PRs needed. There are 2 possible workarounds:

Remove the validation in all the forms that don't actually use it
Add all the needed pattern attributes in all the form fields

brianteeman - comment - 31 Aug 2020

That is exactly what I am seeking guidance on

I am concerned people think there is validation when there isnt because of the way it has been applied to every form even when not needed AND the two different methods used to add the scripts.

I'm not afraid of hard work but I won't waste my time

brianteeman - change - 1 Oct 2020

The description was changed

brianteeman - edited - 1 Oct 2020

wilsonge - comment - 3 Jan 2021

So in terms of scripts. JHtml::_('behavior.formvalidator') should eventually move to WebAsset manager (although there's no desperate need to transfer all of them over for 4.0 release - but should be done over the course of 4.x of course).

Validator dates back well before HTML5 (https://developer.joomla.org/joomlacode-archive/issue-23016.html?highlight=WzIzMDE2XQ== introduced the unminified version in 2010). So the reality is yes we probably can ditch it in many places if HTML is sufficient and covers the same functionality and it covers the minimum browser standards we need (I'd imagine it does).

Please don't forget the validator JS is not about security. Any javascript it has to be assumed can be overloaded and manipulated. The validator JS is about giving the users a clean experience pointing out errors ideally before they submit data.

brianteeman - comment - 3 Jan 2021

The validator JS is about giving the users a clean experience pointing out errors ideally before they submit data.

In theory HTML5 validation also does that.

At this point this will have to be moved to 4.1

brianteeman - change - 2 Feb 2022

Status	New	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2022-02-02 08:17:44
Closed_By		⇒	brianteeman
Labels	Added: No Code Attached Yet Removed: ?

brianteeman - close - 2 Feb 2022

brianteeman - comment - 2 Feb 2022

resolved eleswhere

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#30461] - [4.0] client side form validation

Add a Comment

	public static function formvalidator()
	{
	// Only load once
	if (isset(static::$loaded[__METHOD__]))
	{
	return;
	}

	Factory::getDocument()->getWebAssetManager()->useScript('form.validate');

	static::$loaded[__METHOD__] = true;
	}