The malloy::html::form class provides a function populate() to pre-fill form fields based on parsed data.
This feature is mainly useful to re-populate a form if a user submitted it with incorrect or partially missing data. This way, the user can be presented with an error message and doesn't need to re-enter all of the information.
However, in its current implementation, this is a potentially dangerous function to use. If this function is called and another user gets served the same form, both users receive the pre-filled data.
The overall mechanism is still desired to keep around. However, modifications are necessary to make this more "safe" out of the box. Ideally, the mechanism would be modified in a way that the original form does not get modified.
This can be accomplished through various means:
- Separating the form structure from the view
- Passing the parsed data to the form renderer
- Removing the ability to render a form from malloy as this might be considered to be more within the scope of zim.
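
A sketch of the leak described above next to the "pass the parsed data to the form renderer" option. This is an added example, not malloy's code: `form`, `field`, `values`, `render()` and the helper functions are simplified, hypothetical stand-ins, and the submitted value is constructed.

```cpp
// Added illustration: simplified stand-in types, not malloy's actual API.
#include <map>
#include <string>
#include <vector>
using values = std::map<std::string, std::string>;  // parsed form data
struct field { std::string name, value; };

struct form {                      // one instance shared by all requests
    std::vector<field> fields;
    void populate(const values& parsed) {   // risky: mutates shared state
        for (auto& f : fields) {
            auto it = parsed.find(f.name);
            if (it != parsed.end()) f.value = it->second;
        }
    }
};

std::string escape(const std::string& in) {  // user data lands in an attribute
    std::string out;
    for (char c : in)
        out += c == '"' ? "&quot;" : c == '<' ? "&lt;" : c == '&' ? "&amp;" : std::string(1, c);
    return out;
}

// Safer: the form stays const; per-request values go to the renderer.
std::string render(const form& frm, const values& v = values{}) {
    std::string out;
    for (const auto& f : frm.fields) {
        auto it = v.find(f.name);
        out += "<input name=\"" + f.name + "\" value=\""
             + escape(it != v.end() ? it->second : f.value) + "\">\n";
    }
    return out;
}

form make_form() { form f; f.fields.push_back({"email", ""}); return f; }
values user_a() { values v; v["email"] = "alice@example.test"; return v; }  // constructed

std::string served_to_b_after_populate() {
    form shared = make_form();
    shared.populate(user_a());     // user A's rejected submission
    return render(shared);         // user B asks for an empty form
}
std::string served_to_b_with_renderer_values() {
    const form shared = make_form();
    render(shared, user_a());      // user A's re-rendered form
    return render(shared);         // user B: shared form untouched
}
```

Declaring the shared form `const` turns any accidental call to `populate()` into a compile error.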