Support forums : You can sense the bug

Validation Rules - Where are they?

Not like "it smells funny when I click that". This is for bugs that don't show an error but something just doesn't seem right or ends up doing something you think is wrong. It doesn't show you an error but you know something ain't right.

Moderator: Dracones

Validation Rules - Where are they?

Postby Kimberly » Fri Jul 30, 2010 5:00 am

I searched on validation, and validation rules and could not find any topics that specifically address the validation. Where are the validation rules stored? Is there a list of them in the backend where a person can add or delete the entries in the rules list? The reason I ask this is that I got a validation error when the validator should not have kicked it out.

Tag <table> may not have attribute id="..."

The table element certainly may have an id as well as a class applied to it.

Then I am told that I can :
(Note: To get rid of the above validation warnings, you can deactivate unwanted validation rules in your Group settings.) with a link provided to take me to the validation rules. The links leads me to my groups settings but no list of rules that can be changed. Basically it is "turn off validation", not fix any wrong rules.

I know I ran into this problem at one time with the b2evo with object and embed and I had to fix it before they updated, but that was ages ago.
Kimberly
Dracone
User avatar
 
Posts: 842
Joined: Mon Jul 19, 2010 4:44 pm

Re: Validation Rules - Where are they?

Postby EdB » Fri Jul 30, 2010 5:48 am

As you've pretty much guessed, they ain't out there in public. It's either accept the invisible hand of control or turn the damned thing off. I've turned them off on some installations, left them on for others. Anyway the specific file you'll be interested in is qp_inc/xhtml_validator/_xhtml_dtd.inc.php and you'll find that line 139 is of particular interest
Code: Select all
// Allowed Attribute classes
// TODO: individual checkboxes for class / style / id
$A_coreattrs = 'class title'.( $allow_css_tweaks ? ' style' : '' )               // 'id' is really nasty
               .( $allow_javascript ? ' onmouseover onmouseout onclick' : '' );
$A_i18n = 'lang xml:lang dir';
$A_attrs = $A_coreattrs.' '.$A_i18n;
I kinda suspected ID was off the list for some sort of security reason, which of course I have no understanding of.

Eventually $A_attrs gets applied to table ... and a metric shit-ton of other tags. So scroll on down to line 349 where they're giving away free beer AND where it says $A_attrs plus a whole bunch of bits is okay-fine for a table.

I think the text provided is misleading. First is says "id is not allowed" then it says "turn off validation checking", but on that page the value that is set by default is for "Force valid XHTML + strong security". So it calls it 'validation' when the truth is the check is both validation and security. Bad because validation strongly implies xhtml validation - obviously. But technically it isn't wrong to see it as "valid per the app's idea of both xhtml validation and security".

Another thing, and this is a pet peeve now, is that TODO line will never make it to the damned todo list. WHY can't people code with half a friggin brain? Must I now search the app for "// TODO" and convert them to proper todos so they can make the todo list so maybe some day someone will be into doing something about them? Which is only a rant required before I mention that it would be cool to have some more granular control over this area. For example the "XHTML validation" section should be for xhtml validation and should have something like "basics, more, wide open", followed by a security section ... which it pretty much is.

Off topic Why do I do this to myself? 297 matches to "// TODO" in 129 files. I suppose next I should search for "* TODO" then try to find a way to search out "* @todo" when it is not part of a properly formed docblock. It.Never.Ends.
EdB
Dracone
User avatar
 
Posts: 2072
Joined: Sun Nov 22, 2009 7:20 am
Location: Maricopa Arizona


Return to You can sense the bug

Who is online

Users browsing this forum: No registered users and 1 guest

cron