TextBox entry validation tools -- preventing "garbage in" (as much as practical)

TextBox lets the user enter strings. In practice, however, these strings often represent integers, currency amounts, percentages – and that’s just the numeric objects that the end-user may enter. One might also enter email addresses, hyperlinks, street addresses (or parts thereof), ISBN numbers, phone numbers, passwords, … the list goes on.

Ideally, the user should get immediate feedback when he violates the object’s syntax rules – and any other per-entry rules (minimum/maximum values, etc.). Immediate feedback means “perform the check in the browser, if at all possible.” (TextBox has all the event-handlers needed to trigger such checks.)

But of course, we must also execute the same check on the server side, since the browser-side can’t be trusted. And to ensure that it really is the same check, we should be executing the same Python code in both places.

At the moment, this is more difficult than it looks. Step one is usually to validate syntax. Accordingly, a first step is usually to import re, Python’s regular expression module, and have it compile some standard syntax-checkers (to ensure consistency across many entry fields). Once a value’s syntax is “known good”, then we may convert the string to additional formats, if needed, for further testing (e.g., min/max).

Unfortunately, re.compile() does not seem to be recognized browser-side. This probably eliminates any possible reliance on PyPi’s many validation modules. But from what I’ve seen so far, they’re not aimed at testing individual strings, anyway.

So, what validation tools (Python modules, functions, classes, etc.) currently are available, that work on Anvil’s browser-side and server-side?

Could you not have one server side function called by both - anvil.server.call(xx) ? If you are checking on keypress events that might generate significant client/server traffic & delays, breaking the immediate feedback requirement.

Yes, absolutely - re.compile() is something we need on the client side! Improvements are coming soon - I believe we should have re.compile() mostly working within the next couple of weeks (although I’m not sure we’ll support the full PCRE regex syntax by that point).

David, I thought of that. But as you say, I don’t want to call server-side code on every change() event. I want that syntax-checking code to run in the browser, both for performance and scalability reasons. But the server side mustn’t rely on browser-side checks; it needs to do its own.

IIRC, Meredydd, my Python book says that Python implements its own RE syntax, not exactly PCRE. Perhaps the first aim would be towards a common subset, if that’s practical.

At the point where a non-Python syntax is supported, it might be wise to choose a distinctive module name, if only to avoid confusion/conflict.

Yep - the end goal is a full re module, supporting full Python syntax. But since this is clearly a burning need, we’re going to ship you what we’ve got ASAP!

What’s the current state of play on this? Do I need to roll my own or is something coming imminently?

In the interim, you might want to look at

With this, you can avoid rolling your own validation framework. It’s based not on regular expressions, but on simple, everyday functions, with a “whiteboard” metaphor, mirroring how you yourself might do the job.

Use the functions already there, to do much of the gruntwork. Where an existing function won’t do, write others as needed, and plug 'em in, in sequence.

The sample project was accidentally dropped, but it was added back in (with a new link) a little while ago.

Hi Owen,

We’re still chewing it over, so I’m afraid it’s not imminent. You’ll have to roll your own for now!

This one would really enhance productivity.