<- Updating a Running Service Contents SSL Encryption and HTTP Authentication ->

PowerForms - Declarative Form Input Validation

JWIG incorporates the PowerForms language for making validation of form input easier. Often with traditional programming languages, substantial amounts of the service source code is used for checking that the users have filled out the forms correctly, but those languages provide no particular support for this aspect of Web service development. To provide immediate and user friendly feedback to the user, client-side JavaScript is typically applied. However, since JavaScript execution can be bypassed, a server-side double check is always necessary. This means that, in addition to being required to master JavaScript - which can be surprisingly difficult because of the many different variants that the browsers understand - the Web service programmers must essentially write the same code twice, first in JavaScript for the user friendly client-side validation, and then in a different language for the double check on the server.

PowerForms is a small domain-specific language for declarative specification of form input validity requirements. Using an XML notation, formats and help messages can be specified for individual fields. A format is essentially a regular expression defining a set of valid values for the field. Additionally, complex interdependencies between different fields can be specified, such that the format of one field may depend on the values of other fields. A PowerForms document concisely specifies validity requirements for one or more whole forms that appear in an XHTML document that is shown to the user. Given such an XHTML document and a PowerForms document, JWIG automatically inserts JavaScript code into the XHTML document before being shown, such that form input validation is performed incrementally as the user fills out the form. Furthermore, code for performing the server side double check is also automatically generated. With PowerForms, JWIG programmers can easily add advanced form input validation to a Web service - without writing a single line of JavaScript code.

A PowerForms document is an XML object. As for XHTML documents, it can be built using gaps and plug operations. A variant of the show operation takes a PowerForms document as an extra argument P: 

    show D powerforms P;

JWIG guarantees that execution will not continue after this operation unless all specified form input requirements are satisfied.

Example: 

import dk.brics.jwig.runtime.*;
     
public class PowerFreebie extends Service {

    public class HowMany extends Session {
	
	static final int MAX = 5;
	
	XML templateAsk = [[ 
             <html><head><title>PowerFreebie</title></head><body><form>
               How many free T-shirts do you want?
               <input name="amount" type="text"/>
               <input name="continue" type="submit"/>
             </form></body></html> 
        ]];
     
        XML templateReply = [[ 
             <html><head><title>PowerFreebie</title></head><body>
               You will receive <[amount]> k00l T-shirts any day now...
             </body></html>
        ]];
         
        XML format = [[ 
             <powerforms xmlns="http://www.brics.dk/powerforms/2.0">
               <constraint field="amount">
                 <match>
                   <interval low="1" high=[high]/>
                 </match>
               </constraint>
             </powerforms>
        ]];
	
	public void main() {
	    show templateAsk powerforms format<[high=MAX];
	    int amount = Integer.parseInt(receive amount);
	    exit templateReply<[amount=amount];
	}
    }
}

With this Web service, users can order a number of T-shirts, but the PowerForms document specifies that at most MAX can be requested. If the user's browser supports JavaScript, an error window will pop up if the user attempts to order too many. Such violations are caught on the server if the JavaScript code is somehow bypassed. Note that the construction of the XHTML documents is not affected by the introduction of form input validation. Thus, PowerForms can easily be added gradually to a JWIG service.

The JWIG program analyzer can be used to check that the PowerForms documents are always valid - even though they are dynamically generated as in the example above.

See the PowerForms section of the online tutorial Interactive Web Services with Java for further description of PowerForms. The full grammar for the PowerForms language is available from the PowerForms home page. The PowerForms language was introduced in the research paper PowerForms: Declarative Client-side Form Field Validation in the context of the <bigwig> language.

<- Updating a Running Service Contents SSL and HTTP Authentication ->