[seam-dev] Extended validation constraints

Gunnar Morling gunnar.morling at googlemail.com
Sun Jun 12 06:31:14 EDT 2011 

Hi Shane,

the @WebSafe constraint is a great idea.

I'm not totally sure what the right place for it would be, though. The
constraints we have in HV so far are independent from any application
layer. @WebSafe would be the first one specific to the web layer. You
mentioned possible other constraints, do you have something specific
in mind already?

Maybe it would also be a good idea to have a separate library
exclusively for custom constraints which could be used from everywhere
("HV Commons" or similar).

I'm also CC'ing Hardy and Kevin from the HV team. What do you guys
think? There is already a pull request with the constraint at GitHub.
We already have a CR for 4.2. If we decide to add @WebSafe to HV do
you think we should add this in 4.2 or to the next release?

--Gunnar


2011/6/10 Shane Bryzak <sbryzak at redhat.com>:
> Sure, if you think it's suitable.  Seam Validation is based on HV anyways.
>
> On 10/06/11 18:32, Emmanuel Bernard wrote:
>>
>> Why not in Hibernate Validator?
>>
>> On 10 juin 2011, at 10:02, Shane Bryzak wrote:
>>
>>> Hi Gunnar,
>>>
>>> I had an idea today for a new validation constraint called @WebSafe - in
>>> summary what it would do is validate a rich text value provided by the
>>> user to ensure that it contains no malicious code, such as embedded
>>> <script>  elements.  The implementation for this would use JTidy to
>>> convert the value to a DOM tree, after which it would walk the nodes of
>>> the tree and locate any<script>  tags, and if any are present the
>>> validation would fail.
>>>
>>> Anyway, the implementation isn't so important - what I was wondering
>>> though is whether you think something like this would be useful to have
>>> in the Seam Validation module.  I tend to think that it would be (and we
>>> can probably come up with quite a few other useful validation
>>> constraints also) but I would like to know what you think about this.
>>>
>>> Shane
>>> _______________________________________________
>>> seam-dev mailing list
>>> seam-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/seam-dev
>
>

More information about the seam-dev mailing list