Comments (7)
ljharb
commented on August 20, 2024
This is kind of a huge problem, what with security and privacy. Does anyone know how it can be fixed?
from forms.
powmedia
commented on August 20, 2024
I haven't used it in a while but I think this fork fixes the problem: https://github.com/tdryer/forms
On 2 Apr 2012, at 06:59, Jordan Harband wrote:
This is kind of a huge problem, what with security and privacy. Does anyone know how it can be fixed?
Reply to this email directly or view it on GitHub:
#13 (comment)
from forms.
johngeorgewright
commented on August 20, 2024
This is a scary problem... however, looking at your code I think can see why it's happening. You're using the same object between different routes. Your signupForm will only ever be constructed once. Although I haven't tested this, I believe re-factoring your code like so should fix your problem:
//controller.js, imported into app.js
var forms = require('../lib/forms'),
fields = forms.fields,
validators = forms.validators;
var signupForm = function() {
return forms.create({
first_name: fields.string({ required: true }),
last_name: fields.string({ required: true }),
email: fields.email({ required: true }),
password: fields.password({ required: true }),
password_confirm: fields.password({
required: true,
validators: validators.matchField('password')
})
});
};
module.exports = function(app) {
app.get('/signup', function(req, res, next) {
res.render('signup', {
signupForm: signupForm().toHTML()
});
});
app.post('/signup', function(req, res, next) {
signupForm().handle(req.body, {
success: function(form) {
res.redirect('/app');
},
other: function(form) {
res.render('signup', {
form: form.toHTML()
});
}
});
});
};from forms.
ljharb
commented on August 20, 2024
The form should only need to be created once. However, its value should not persist beyond a single request, and refactoring our code to remove the benefit of caching seems inappropriate. It seems that tdryer@86f354d fixes the problem, so it just needs to be merged into the main project.
from forms.
johngeorgewright
commented on August 20, 2024
Ahha... agreed. Much better way of go about it.
from forms.
ljharb
commented on August 20, 2024
Please see the comments on #16 for an update on this issue
from forms.
ljharb
commented on August 20, 2024
Fixed by #16
from forms.
Related Issues (20)
- Browser bundle is very large HOT 7
- Bound form does not have form.handle HOT 3
- Tags are not properly accessible through forms HOT 8
- Is it possible to add an HTML markup element? HOT 2
- How to create a form with an array of inputs HOT 4
- Wrong POST for multipleCheckbox? HOT 3
- Promise / async/await support HOT 12
- "Placeholder" attribute for text-based inputs HOT 5
- Use WHATWG URL for url and email validation HOT 10
- Form with only boolean fields does not validate successfully HOT 2
- simple checkbox HOT 1
- build broken due to ecstatic? HOT 3
- npm audit issue associated with async lib <= 2.6.2 HOT 1
- Nested forms drawn field by field lose their full names HOT 3
- Disabled attribute HOT 1
- Strange solutions HOT 2
- Add a Promise API side-by-side with the callback API of .validate() HOT 2
- GHSL-2020-356: seeking security contact for your project HOT 2
- Caolan form missing datetimelocal
- Cut a new release? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from forms.