Closed matthijskooijman closed 3 years ago
Rebased on top of master and made some small changes based on review, going to review next.
Hm, turns out this has an unintended side effect: Because everything lives in one big form, validation errors in e.g. the comment form let the browser prevent submitting the login form.
For now, I've fixed this by reverting this PR on www.destadsbron.nl, but the proper fix for this is probably to separate each form into its own <form>
tag, which is a refactor that we were planning to do anyway (which is #359).
The main point of this PR is the last commit, which guards against insertion of
<script>
tags in HTML fields. The other commits refactor the form input validation so there is now a singlevalidate()
method that must always be called, where this check can be done automatically on all wymeditor fields (previously, validation always required callingvalidateXXXField()
methods explicitly). These refactors were something I had been considering for a while, since they make the form generation again a little bit more declarative and automatic.