Journal Article10.1023/A:1018772405468
PowerForms: Declarative client-side form field validation
144
TL;DR: This work presents PowerForms, which is an add-on to HTML forms that allows a purely declarative specification of input formats and sophisticated interdependencies of form fields, and is seen as inspiration for a future extension of HTML.
read more
Abstract: All uses of HTML forms may benefit from validation of the specified input field values. Simple validation matches individual values against specified formats, while more advanced validation may involve interdependencies of form fields. There is currently no standard for specifying or implementing such validation. Today, CGI programmers often use Perl libraries for simple server-side validation or program customized JavaScript solutions for client-side validation. We present PowerForms, which is an add-on to HTML forms that allows a purely declarative specification of input formats and sophisticated interdependencies of form fields. While our work may be seen as inspiration for a future extension of HTML, it is also available for CGI programmers today through a preprocessor that translates a PowerForms document into a combination of standard HTML and JavaScript that works on all combinations of platforms and browsers. The definitions of PowerForms formats are syntactically disjoint from the form itself, which allows a modular development where the form is perhaps automatically generated by other tools and the formats and interdependencies are added separately. PowerForms has a clean semantics defined through a fixed-point process that resolves the interdependencies between all field values. Text fields are equipped with status icons (by default traffic lights) that continuously reflect the validity of the text that has been entered so far, thus providing immediate feed-back for the user. For other GUI components the available options are dynamically filtered to present only the allowed values. PowerForms are integrated into the system for generating interactive Web services, but is also freely available in an Open Source distribution as a stand-alone package.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
The essence of command injection attacks in web applications
Zhendong Su,Gary Wassermann +1 more
- 11 Jan 2006
TL;DR: This paper presents the first formal definition of command injection attacks in the context of web applications, and gives a sound and complete algorithm for preventing them based on context-free grammars and compiler parsing techniques.
Using parse tree validation to prevent SQL injection attacks
Gregory Buehrer,Bruce W. Weide,Paolo A. G. Sivilotti +2 more
- 05 Sep 2005
TL;DR: A technique to prevent this kind of manipulation and hence eliminate SQL injection vulnerabilities is described, based on comparing, at run time, the parse tree of the SQL statement before inclusion of user input with that resulting after inclusion of input.
Abstracting application-level web security
David Scott,Richard Sharp +1 more
- 07 May 2002
TL;DR: A scalable structuring mechanism facilitating the abstraction of security policies from large web-applications developed in heterogenous multi-platform environments is described and a tool which assists programmers develop secure applications which are resilient to a wide range of common attacks is presented.
297
Patent
Method and apparatus for explaining credit scores
Stuart L. Crawford,Andrew Flint,Sharon Anne Hatcher,Keith Owen Hillestad,Thomas J. Quinn,Michael William Rapaport,Sue Ann Simon,Michael Steele,Cheryl Lynne St. John +8 more
- 26 Jul 2001
TL;DR: In this paper, the authors provide an array of informative resources including for-pay services and extranet functions to serve consumers and traditional players in the financial services industry, including financial counselors, mortgage brokers, direct lenders, large national credit issuers, and third-party credit report re-sellers, plus information seekers such as the press, consumer groups, and government agencies.
240
Patent
Single window navigation methods and systems
Scott L. Ruthfield,Richard J. Wolf,Michael Hopcroft,Paul R. Erickson,Satoshi Nakajima +4 more
- 11 May 2001
TL;DR: In this paper, a user interface (UI) in the form of a single navigable window enables a user to navigate to and between multiple different functionalities that are provided by a single application program.
213
References
The pointer assertion logic engine
Anders Møller,Michael I. Schwartzbach +1 more
- 01 May 2001
TL;DR: A new framework for verifying partial specifications of programs in order to catch type and memory errors and check data structure invariants and can verify a large class of data structures, namely all those that can be expressed as graph types.
314
Document Object Model (DOM) Level 2 Specification
Lauren Wood,Vidur Apparao,Mike Champion,Joe Kesselman,Tom Pixley,Jonathan Robie,Peter Sharpe,Chris Wilson +7 more
- 01 Jan 1999
TL;DR: The Document Object Model Level 2 as discussed by the authors is a platform and language-neutral interface that allows programs and scripts to dynamically access and update the content, structure and style of documents, including XML, HTML, abstract views, generic stylesheets, Cascading Style Sheets, Events, and traversing the DOM.
Mona implementation secrets
TL;DR: An overview of MONA and a selection of implementation "secrets" that have been discovered and tested over the years, including formula reductions, DAGification, guided tree automata, three-valued logic, eager minimization, BDD-based automata representations, and cache-conscious data structures are presented.
170
Distributed safety controllers for web services
Anders B. Sandholm,Michael I. Schwartzbach +1 more
- 28 Mar 1998
TL;DR: High-level synchronization constraints are used, written in a version of monadic second-order logic on finite strings, to synthesize safety controllers for interactive web services to avoid state-space explosions and to increase the flow capacities of services.
A type system for dynamic Web documents
Anders B. Sandholm,Michael I. Schwartzbach +1 more
- 05 Jan 2000
TL;DR: This work presents an efficient runtime implementation that respects the semantics of only well-typed programs and is fully implemented as part of the system for defining interactive Web services.
40
Related Papers (5)
Jr. Gerald V. Wright
- 23 May 1994
Steve Yankovich,Nathan Hoover,Ed Porter +2 more
- 27 Mar 1999
Anthony J. Moore,Susan Warren,Scott D. Guthrie,Steven Alfred Isaac +3 more
- 12 Jun 2001
Ira S. Richman
- 31 May 2002