http://www.perlmonks.org?node_id=430517


in reply to Form Validation and Untainting

Data::FormValidator is great, but it unfortunately doesn't also generate javascript validation code.

Though client-side javascript validation does not offer any reliability when used as the only validation stage, since it can be easily bypassed, when coupled with server-side (Perl) validation proves to be extremely precious in almost any web application.

It's precious because the client data does not have to reach the server to be validated, so you can save both bandwidth and server CPU cycles by intercepting wrong data right on the client machine, thus alleviating both your network connection and your server from receiving the wrong data, checking them and sending back the form again (possibly several times before a successful form submission.)
Furthermore, client-side validation gives your users a much stronger interactiveness feeling (and this is perhaps the most important thing.)
Then should a bad guy bypass your client-side validation, you always have your Perl validation code replicated on the server that will inexorably stop it.

So you could now think that it's a nightmare to keep in sync both Perl and javascript validation code (and you would be right, if you should do it by hand,) but what about if you could define your validation code just once (even in a declarative manner,) and get your Perl (server-side) validation code, and then get also javascript (client-side) validation code for free?!

Well, such a sweet thing is provided by (at least) two modules I'm aware of: CGI::Ex::Validate by Paul T. Seamons and CGI::FormBuilder by Nathan Wiger.
I don't know very much about the former, but I use the latter all the time (together with CGI::Application, as you required) and I find it nothing less than spectacular.
It has not all the data analysis capabilities offered by Data::FormValidator, but it has the most common validation schemes built-in (and it's easily extensible too, offering some useful javascript hooks.)
Furthermore it offers many other things related to web forms management, should you need it.
CGI::Ex::Validate should offer even more about data validation though, to be honest, I don't know how well it integrates with CGI::Application (CGI::Ex has got its own application builder, called CGI::Ex::App.)

Ciao,
Emanuele.

Replies are listed 'Best First'.
Re: Should you need javascript too.
by Anonymous Monk on Jun 15, 2011 at 16:02 UTC
    While this is a really old post, I stumbled on it and thought it'd be worth mentioning for prosperity that Data::FormValidator does have a companion module Data.FormValidator.js to do javascript validation using the same validation profile. Some things aren't supported on the javascript side, such as the custom perl subroutines, but it does get you a fair bit of the validation onto your frontend to make for a better user experience and reduce trips to the server.