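If the front end already validates input with JavaScript, why also use the Validator framework to validate on the back end? For security: some hackers bypass the front-end JS validation. The Validator framework can also generate the corresponding JS code.
Below I convert the Validator rules I have already written into the corresponding JS code. It takes only one statement, which is very convenient:
The code of register.jsp is as follows: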
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib uri="http://struts.apache.org/tags-html" prefix="html"%>
<%@ taglib uri="http://struts.apache.org/tags-bean" prefix="bean"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<%-- charset matches the page directive above (UTF-8) --%>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>用户注册</title>
<%-- emits the client-side validation script for registerForm --%>
<html:javascript formName="registerForm" method="validRegister"/>
</head>
<body>
<center>
<table>
<html:form action="/Register" method="POST" onsubmit="return validRegister(this)">
    <tr><td colspan="2" align="center"><bean:message key="form.userRegister"/></td></tr>
    <tr>
        <td><bean:message key="form.username"/>:</td>
        <td><html:text property="username"></html:text></td>
        <td><html:errors property="username"/></td>
    </tr>
    <%-- password inputs are masked and not echoed back into the page --%>
    <tr>
        <td><bean:message key="form.password"/>:</td>
        <td><html:password property="password" redisplay="false"></html:password></td>
        <td><html:errors property="password"/></td>
    </tr>
    <tr>
        <td><bean:message key="form.password2"/>:</td>
        <td><html:password property="password2" redisplay="false"></html:password></td>
        <td><html:errors property="password2" /></td>
    </tr>
    <tr>
        <td><bean:message key="form.email"/>:</td>
        <td><html:text property="email"></html:text></td>
        <td><html:errors property="email"/></td>
    </tr>
    <tr>
        <td align="center" colspan="3">
            <html:submit><bean:message key="form.submit"></bean:message></html:submit>
            <html:reset><bean:message key="form.reset"></bean:message></html:reset>
        </td>
    </tr>
</html:form>
</table>
</center>
</body>
</html>
The <html:javascript> tag below the <title> tag means that JavaScript code should be generated. When only formName is specified, the form must call the JS with
<html:form action="/Register" method="POST" onsubmit="return validateRegisterForm(this)">
If method is also specified, the form calls the JS with onsubmit="return validRegister(this)".
The generated JS code is as follows:
<script type="text/javascript" language="Javascript1.1"> <!-- Begin var bCancel = false; function validRegister(form) { if (bCancel) { return true; } else { var formValidationResult; formValidationResult = validateRequired(form) && validateMinLength(form) && validateMaxLength(form) && validateEmail(form); return (formValidationResult); } } function registerForm_required () { this.a0 = new Array("username", "用户名 是必须的.", new Function ("varName", "this.minlength='3'; this.maxlength='7'; return this[varName];")); this.a1 = new Array("password", "密码 是必须的.", new Function ("varName", "this.minlength='3'; this.maxlength='7'; return this[varName];")); this.a2 = new Array("password2", "密码确认 是必须的.", new Function ("varName", "this.test='((password == null) or (*this* == password))'; return this[varName];")); } function registerForm_minlength () { this.a0 = new Array("username", "用户名 不能小于 3 字符.", new Function ("varName", "this.minlength='3'; this.maxlength='7'; return this[varName];")); this.a1 = new Array("password", "密码 不能小于 3 字符.", new Function ("varName", "this.minlength='3'; this.maxlength='7'; return this[varName];")); } function registerForm_maxlength () { this.a0 = new Array("username", "用户名 不能大于 7 字符.", new Function ("varName", "this.minlength='3'; this.maxlength='7'; return this[varName];")); this.a1 = new Array("password", "密码 不能大于 7 字符.", new Function ("varName", "this.minlength='3'; this.maxlength='7'; return this[varName];")); } function registerForm_email () { this.a0 = new Array("email", "邮箱 无效的邮箱地址.", new Function ("varName", " return this[varName];")); } /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. 
You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /*$RCSfile: validateUtilities.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */ /** * This is a place holder for common utilities used across the javascript validation * **/ /** * Retreive the name of the form * @param form The form validation is taking place on. */ function jcv_retrieveFormName(form) { // Please refer to Bugs 31534, 35127, 35294, 37315 & 38159 // for the history of the following code var formName; if (form.getAttributeNode) { if (form.getAttributeNode("id") && form.getAttributeNode("id").value) { formName = form.getAttributeNode("id").value; } else { formName = form.getAttributeNode("name").value; } } else if (form.getAttribute) { if (form.getAttribute("id")) { formName = form.getAttribute("id"); } else { formName = form.attributes["name"]; } } else { if (form.id) { formName = form.id; } else { formName = form.name; } } return formName; } /** * Handle error messages. * @param messages Array of error messages. * @param focusField Field to set focus on. 
*/ function jcv_handleErrors(messages, focusField) { if (focusField && focusField != null) { var doFocus = true; if (focusField.disabled || focusField.type == 'hidden') { doFocus = false; } if (doFocus && focusField.style && focusField.style.visibility && focusField.style.visibility == 'hidden') { doFocus = false; } if (doFocus) { focusField.focus(); } } alert(messages.join('\n')); } /** * Checks that the array element is a valid * Commons Validator element and not one inserted by * other JavaScript libraries (for example the * prototype library inserts an "extends" into * all objects, including Arrays). * @param name The element name. * @param value The element value. */ function jcv_verifyArrayElement(name, element) { if (element && element.length && element.length == 3) { return true; } else { return false; } } /** * Checks whether the field is present on the form. * @param field The form field. */ function jcv_isFieldPresent(field) { var fieldPresent = true; if (field == null || (typeof field == 'undefined')) { fieldPresent = false; } else { if (field.disabled) { fieldPresent = false; } } return fieldPresent; } /** * Check a value only contains valid numeric digits * @param argvalue The value to check. */ function jcv_isAllDigits(argvalue) { argvalue = argvalue.toString(); var validChars = "0123456789"; var startFrom = 0; if (argvalue.substring(0, 2) == "0x") { validChars = "0123456789abcdefABCDEF"; startFrom = 2; } else if (argvalue.charAt(0) == "0") { validChars = "01234567"; startFrom = 1; } else if (argvalue.charAt(0) == "-") { startFrom = 1; } for (var n = startFrom; n < argvalue.length; n++) { if (validChars.indexOf(argvalue.substring(n, n+1)) == -1) return false; } return true; } /** * Check a value only contains valid decimal digits * @param argvalue The value to check. 
*/ function jcv_isDecimalDigits(argvalue) { argvalue = argvalue.toString(); var validChars = "0123456789"; var startFrom = 0; if (argvalue.charAt(0) == "-") { startFrom = 1; } for (var n = startFrom; n < argvalue.length; n++) { if (validChars.indexOf(argvalue.substring(n, n+1)) == -1) return false; } return true; } /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /*$RCSfile: validateFloatRange.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */ /** * Check to see if fields are in a valid float range. * Fields are not checked if they are disabled. * @param form The form validation is taking place on. 
*/ function validateFloatRange(form) { var isValid = true; var focusField = null; var i = 0; var fields = new Array(); var oRange = eval('new ' + jcv_retrieveFormName(form) + '_floatRange()'); for (var x in oRange) { if (!jcv_verifyArrayElement(x, oRange[x])) { continue; } var field = form[oRange[x][0]]; if (!jcv_isFieldPresent(field)) { continue; } if ((field.type == 'hidden' || field.type == 'text' || field.type == 'textarea') && (field.value.length > 0)) { var fMin = parseFloat(oRange[x][2]("min")); var fMax = parseFloat(oRange[x][2]("max")); var fValue = parseFloat(field.value); if (!(fValue >= fMin && fValue <= fMax)) { if (i == 0) { focusField = field; } fields[i++] = oRange[x][1]; isValid = false; } } } if (fields.length > 0) { jcv_handleErrors(fields, focusField); } return isValid; } /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /*$RCSfile: validateMask.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */ /** * Check to see if fields are a valid using a regular expression. * Fields are not checked if they are disabled. * @param form The form validation is taking place on. 
*/ function validateMask(form) { var isValid = true; var focusField = null; var i = 0; var fields = new Array(); var oMasked = eval('new ' + jcv_retrieveFormName(form) + '_mask()'); for (var x in oMasked) { if (!jcv_verifyArrayElement(x, oMasked[x])) { continue; } var field = form[oMasked[x][0]]; if (!jcv_isFieldPresent(field)) { continue; } if ((field.type == 'hidden' || field.type == 'text' || field.type == 'textarea' || field.type == 'file') && (field.value.length > 0)) { if (!jcv_matchPattern(field.value, oMasked[x][2]("mask"))) { if (i == 0) { focusField = field; } fields[i++] = oMasked[x][1]; isValid = false; } } } if (fields.length > 0) { jcv_handleErrors(fields, focusField); } return isValid; } function jcv_matchPattern(value, mask) { return mask.exec(value); } /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /*$RCSfile: validateDate.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */ /** * Check to see if fields are a valid date. * Fields are not checked if they are disabled. * @param form The form validation is taking place on. 
*/ function validateDate(form) { var bValid = true; var focusField = null; var i = 0; var fields = new Array(); var oDate = eval('new ' + jcv_retrieveFormName(form) + '_DateValidations()'); for (var x in oDate) { if (!jcv_verifyArrayElement(x, oDate[x])) { continue; } var field = form[oDate[x][0]]; if (!jcv_isFieldPresent(field)) { continue; } var value = field.value; var isStrict = true; var datePattern = oDate[x][2]("datePatternStrict"); // try loose pattern if (datePattern == null) { datePattern = oDate[x][2]("datePattern"); isStrict = false; } if ((field.type == 'hidden' || field.type == 'text' || field.type == 'textarea') && (value.length > 0) && (datePattern.length > 0)) { var MONTH = "MM"; var DAY = "dd"; var YEAR = "yyyy"; var orderMonth = datePattern.indexOf(MONTH); var orderDay = datePattern.indexOf(DAY); var orderYear = datePattern.indexOf(YEAR); if ((orderDay < orderYear && orderDay > orderMonth)) { var iDelim1 = orderMonth + MONTH.length; var iDelim2 = orderDay + DAY.length; var delim1 = datePattern.substring(iDelim1, iDelim1 + 1); var delim2 = datePattern.substring(iDelim2, iDelim2 + 1); if (iDelim1 == orderDay && iDelim2 == orderYear) { dateRegexp = isStrict ? new RegExp("^(\\d{2})(\\d{2})(\\d{4})$") : new RegExp("^(\\d{1,2})(\\d{1,2})(\\d{4})$"); } else if (iDelim1 == orderDay) { dateRegexp = isStrict ? new RegExp("^(\\d{2})(\\d{2})[" + delim2 + "](\\d{4})$") : new RegExp("^(\\d{1,2})(\\d{1,2})[" + delim2 + "](\\d{4})$"); } else if (iDelim2 == orderYear) { dateRegexp = isStrict ? new RegExp("^(\\d{2})[" + delim1 + "](\\d{2})(\\d{4})$") : new RegExp("^(\\d{1,2})[" + delim1 + "](\\d{1,2})(\\d{4})$"); } else { dateRegexp = isStrict ? 
new RegExp("^(\\d{2})[" + delim1 + "](\\d{2})[" + delim2 + "](\\d{4})$") : new RegExp("^(\\d{1,2})[" + delim1 + "](\\d{1,2})[" + delim2 + "](\\d{4})$"); } var matched = dateRegexp.exec(value); if(matched != null) { if (!jcv_isValidDate(matched[2], matched[1], matched[3])) { if (i == 0) { focusField = field; } fields[i++] = oDate[x][1]; bValid = false; } } else { if (i == 0) { focusField = field; } fields[i++] = oDate[x][1]; bValid = false; } } else if ((orderMonth < orderYear && orderMonth > orderDay)) { var iDelim1 = orderDay + DAY.length; var iDelim2 = orderMonth + MONTH.length; var delim1 = datePattern.substring(iDelim1, iDelim1 + 1); var delim2 = datePattern.substring(iDelim2, iDelim2 + 1); if (iDelim1 == orderMonth && iDelim2 == orderYear) { dateRegexp = isStrict ? new RegExp("^(\\d{2})(\\d{2})(\\d{4})$") : new RegExp("^(\\d{1,2})(\\d{1,2})(\\d{4})$"); } else if (iDelim1 == orderMonth) { dateRegexp = isStrict ? new RegExp("^(\\d{2})(\\d{2})[" + delim2 + "](\\d{4})$") : new RegExp("^(\\d{1,2})(\\d{1,2})[" + delim2 + "](\\d{4})$"); } else if (iDelim2 == orderYear) { dateRegexp = isStrict ? new RegExp("^(\\d{2})[" + delim1 + "](\\d{2})(\\d{4})$") : new RegExp("^(\\d{1,2})[" + delim1 + "](\\d{1,2})(\\d{4})$"); } else { dateRegexp = isStrict ? 
new RegExp("^(\\d{2})[" + delim1 + "](\\d{2})[" + delim2 + "](\\d{4})$") : new RegExp("^(\\d{1,2})[" + delim1 + "](\\d{1,2})[" + delim2 + "](\\d{4})$"); } var matched = dateRegexp.exec(value); if(matched != null) { if (!jcv_isValidDate(matched[1], matched[2], matched[3])) { if (i == 0) { focusField = field; } fields[i++] = oDate[x][1]; bValid = false; } } else { if (i == 0) { focusField = field; } fields[i++] = oDate[x][1]; bValid = false; } } else if ((orderMonth > orderYear && orderMonth < orderDay)) { var iDelim1 = orderYear + YEAR.length; var iDelim2 = orderMonth + MONTH.length; var delim1 = datePattern.substring(iDelim1, iDelim1 + 1); var delim2 = datePattern.substring(iDelim2, iDelim2 + 1); if (iDelim1 == orderMonth && iDelim2 == orderDay) { dateRegexp = isStrict ? new RegExp("^(\\d{4})(\\d{2})(\\d{2})$") : new RegExp("^(\\d{4})(\\d{1,2})(\\d{1,2})$"); } else if (iDelim1 == orderMonth) { dateRegexp = isStrict ? new RegExp("^(\\d{4})(\\d{2})[" + delim2 + "](\\d{2})$") : new RegExp("^(\\d{4})(\\d{1,2})[" + delim2 + "](\\d{1,2})$"); } else if (iDelim2 == orderDay) { dateRegexp = isStrict ? new RegExp("^(\\d{4})[" + delim1 + "](\\d{2})(\\d{2})$") : new RegExp("^(\\d{4})[" + delim1 + "](\\d{1,2})(\\d{1,2})$"); } else { dateRegexp = isStrict ? 
new RegExp("^(\\d{4})[" + delim1 + "](\\d{2})[" + delim2 + "](\\d{2})$") : new RegExp("^(\\d{4})[" + delim1 + "](\\d{1,2})[" + delim2 + "](\\d{1,2})$"); } var matched = dateRegexp.exec(value); if(matched != null) { if (!jcv_isValidDate(matched[3], matched[2], matched[1])) { if (i == 0) { focusField = field; } fields[i++] = oDate[x][1]; bValid = false; } } else { if (i == 0) { focusField = field; } fields[i++] = oDate[x][1]; bValid = false; } } else { if (i == 0) { focusField = field; } fields[i++] = oDate[x][1]; bValid = false; } } } if (fields.length > 0) { jcv_handleErrors(fields, focusField); } return bValid; } function jcv_isValidDate(day, month, year) { if (month < 1 || month > 12) { return false; } if (day < 1 || day > 31) { return false; } if ((month == 4 || month == 6 || month == 9 || month == 11) && (day == 31)) { return false; } if (month == 2) { var leap = (year % 4 == 0 && (year % 100 != 0 || year % 400 == 0)); if (day>29 || (day == 29 && !leap)) { return false; } } return true; } /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /*$RCSfile: validateFloat.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */ /** * Check to see if fields are a valid float. * Fields are not checked if they are disabled. 
* @param form The form validation is taking place on. */ function validateFloat(form) { var bValid = true; var focusField = null; var i = 0; var fields = new Array(); var oFloat = eval('new ' + jcv_retrieveFormName(form) + '_FloatValidations()'); for (var x in oFloat) { if (!jcv_verifyArrayElement(x, oFloat[x])) { continue; } var field = form[oFloat[x][0]]; if (!jcv_isFieldPresent(field)) { continue; } if ((field.type == 'hidden' || field.type == 'text' || field.type == 'textarea' || field.type == 'select-one' || field.type == 'radio')) { var value = ''; // get field's value if (field.type == "select-one") { var si = field.selectedIndex; if (si >= 0) { value = field.options[si].value; } } else { value = field.value; } if (value.length > 0) { // remove '.' before checking digits var tempArray = value.split('.'); //Strip off leading '0' var zeroIndex = 0; var joinedString= tempArray.join(''); while (joinedString.charAt(zeroIndex) == '0') { zeroIndex++; } var noZeroString = joinedString.substring(zeroIndex,joinedString.length); if (!jcv_isAllDigits(noZeroString) || tempArray.length > 2) { bValid = false; if (i == 0) { focusField = field; } fields[i++] = oFloat[x][1]; } else { var iValue = parseFloat(value); if (isNaN(iValue)) { if (i == 0) { focusField = field; } fields[i++] = oFloat[x][1]; bValid = false; } } } } } if (fields.length > 0) { jcv_handleErrors(fields, focusField); } return bValid; } /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. 
You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /*$RCSfile: validateShort.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */ /** * Check to see if fields are a valid short. * Fields are not checked if they are disabled. * * @param form The form validation is taking place on. */ function validateShort(form) { var bValid = true; var focusField = null; var i = 0; var fields = new Array(); var oShort = eval('new ' + jcv_retrieveFormName(form) + '_ShortValidations()'); for (var x in oShort) { if (!jcv_verifyArrayElement(x, oShort[x])) { continue; } var field = form[oShort[x][0]]; if (!jcv_isFieldPresent(field)) { continue; } if ((field.type == 'hidden' || field.type == 'text' || field.type == 'textarea' || field.type == 'select-one' || field.type == 'radio')) { var value = ''; // get field's value if (field.type == "select-one") { var si = field.selectedIndex; if (si >= 0) { value = field.options[si].value; } } else { value = field.value; } if (value.length > 0) { if (!jcv_isDecimalDigits(value)) { bValid = false; if (i == 0) { focusField = field; } fields[i++] = oShort[x][1]; } else { var iValue = parseInt(value, 10); if (isNaN(iValue) || !(iValue >= -32768 && iValue <= 32767)) { if (i == 0) { focusField = field; } fields[i++] = oShort[x][1]; bValid = false; } } } } } if (fields.length > 0) { jcv_handleErrors(fields, focusField); } return bValid; } /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. 
* The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /*$RCSfile: validateMaxLength.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */ /** * A field is considered valid if less than the specified maximum. * Fields are not checked if they are disabled. * * Caution: Using validateMaxLength() on a password field in a * login page gives unnecessary information away to hackers. While it only slightly * weakens security, we suggest using it only when modifying a password. * @param form The form validation is taking place on. 
*/ function validateMaxLength(form) { var isValid = true; var focusField = null; var i = 0; var fields = new Array(); var oMaxLength = eval('new ' + jcv_retrieveFormName(form) + '_maxlength()'); for (var x in oMaxLength) { if (!jcv_verifyArrayElement(x, oMaxLength[x])) { continue; } var field = form[oMaxLength[x][0]]; if (!jcv_isFieldPresent(field)) { continue; } if ((field.type == 'hidden' || field.type == 'text' || field.type == 'password' || field.type == 'textarea')) { /* Adjust length for carriage returns - see Bug 37962 */ var lineEndLength = oMaxLength[x][2]("lineEndLength"); var adjustAmount = 0; if (lineEndLength) { var rCount = 0; var nCount = 0; var crPos = 0; while (crPos < field.value.length) { var currChar = field.value.charAt(crPos); if (currChar == '\r') { rCount++; } if (currChar == '\n') { nCount++; } crPos++; } var endLength = parseInt(lineEndLength); adjustAmount = (nCount * endLength) - (rCount + nCount); } var iMax = parseInt(oMaxLength[x][2]("maxlength")); if ((field.value.length + adjustAmount) > iMax) { if (i == 0) { focusField = field; } fields[i++] = oMaxLength[x][1]; isValid = false; } } } if (fields.length > 0) { jcv_handleErrors(fields, focusField); } return isValid; } /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
*/ /*$RCSfile: validateByte.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */ /** * Check to see if fields are a valid byte. * Fields are not checked if they are disabled. * @param form The form validation is taking place on. */ function validateByte(form) { var bValid = true; var focusField = null; var i = 0; var fields = new Array(); var oByte = eval('new ' + jcv_retrieveFormName(form) + '_ByteValidations()'); for (var x in oByte) { if (!jcv_verifyArrayElement(x, oByte[x])) { continue; } var field = form[oByte[x][0]]; if (!jcv_isFieldPresent(field)) { continue; } if ((field.type == 'hidden' || field.type == 'text' || field.type == 'textarea' || field.type == 'select-one' || field.type == 'radio')) { var value = ''; // get field's value if (field.type == "select-one") { var si = field.selectedIndex; if (si >= 0) { value = field.options[si].value; } } else { value = field.value; } if (value.length > 0) { if (!jcv_isDecimalDigits(value)) { bValid = false; if (i == 0) { focusField = field; } fields[i++] = oByte[x][1]; } else { var iValue = parseInt(value, 10); if (isNaN(iValue) || !(iValue >= -128 && iValue <= 127)) { if (i == 0) { focusField = field; } fields[i++] = oByte[x][1]; bValid = false; } } } } } if (fields.length > 0) { jcv_handleErrors(fields, focusField); } return bValid; } /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. 
You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /*$RCSfile: validateRequired.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */ /** * Check to see if fields must contain a value. * Fields are not checked if they are disabled. * * @param form The form validation is taking place on. */ function validateRequired(form) { var isValid = true; var focusField = null; var i = 0; var fields = new Array(); var oRequired = eval('new ' + jcv_retrieveFormName(form) + '_required()'); for (var x in oRequired) { if (!jcv_verifyArrayElement(x, oRequired[x])) { continue; } var field = form[oRequired[x][0]]; if (!jcv_isFieldPresent(field)) { fields[i++] = oRequired[x][1]; isValid=false; } else if ((field.type == 'hidden' || field.type == 'text' || field.type == 'textarea' || field.type == 'file' || field.type == 'radio' || field.type == 'checkbox' || field.type == 'select-one' || field.type == 'password')) { var value = ''; // get field's value if (field.type == "select-one") { var si = field.selectedIndex; if (si >= 0) { value = field.options[si].value; } } else if (field.type == 'radio' || field.type == 'checkbox') { if (field.checked) { value = field.value; } } else { value = field.value; } if (trim(value).length == 0) { if ((i == 0) && (field.type != 'hidden')) { focusField = field; } fields[i++] = oRequired[x][1]; isValid = false; } } else if (field.type == "select-multiple") { var numOptions = field.options.length; lastSelected=-1; for(loop=numOptions-1;loop>=0;loop--) { if(field.options[loop].selected) { lastSelected = loop; value = field.options[loop].value; break; } } if(lastSelected < 0 || 
trim(value).length == 0) { if(i == 0) { focusField = field; } fields[i++] = oRequired[x][1]; isValid=false; } } else if ((field.length > 0) && (field[0].type == 'radio' || field[0].type == 'checkbox')) { isChecked=-1; for (loop=0;loop < field.length;loop++) { if (field[loop].checked) { isChecked=loop; break; // only one needs to be checked } } if (isChecked < 0) { if (i == 0) { focusField = field[0]; } fields[i++] = oRequired[x][1]; isValid=false; } } } if (fields.length > 0) { jcv_handleErrors(fields, focusField); } return isValid; } // Trim whitespace from left and right sides of s. function trim(s) { return s.replace( /^\s*/, "" ).replace( /\s*$/, "" ); } /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /*$RCSfile: validateMinLength.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */ /** * A field is considered valid if greater than the specified minimum. * Fields are not checked if they are disabled. * * Caution: Using validateMinLength() on a password field in a * login page gives unnecessary information away to hackers. While it only slightly * weakens security, we suggest using it only when modifying a password. * @param form The form validation is taking place on. 
*/ function validateMinLength(form) { var isValid = true; var focusField = null; var i = 0; var fields = new Array(); var oMinLength = eval('new ' + jcv_retrieveFormName(form) + '_minlength()'); for (var x in oMinLength) { if (!jcv_verifyArrayElement(x, oMinLength[x])) { continue; } var field = form[oMinLength[x][0]]; if (!jcv_isFieldPresent(field)) { continue; } if ((field.type == 'hidden' || field.type == 'text' || field.type == 'password' || field.type == 'textarea')) { /* Adjust length for carriage returns - see Bug 37962 */ var lineEndLength = oMinLength[x][2]("lineEndLength"); var adjustAmount = 0; if (lineEndLength) { var rCount = 0; var nCount = 0; var crPos = 0; while (crPos < field.value.length) { var currChar = field.value.charAt(crPos); if (currChar == '\r') { rCount++; } if (currChar == '\n') { nCount++; } crPos++; } var endLength = parseInt(lineEndLength); adjustAmount = (nCount * endLength) - (rCount + nCount); } var iMin = parseInt(oMinLength[x][2]("minlength")); if ((trim(field.value).length > 0) && ((field.value.length + adjustAmount) < iMin)) { if (i == 0) { focusField = field; } fields[i++] = oMinLength[x][1]; isValid = false; } } } if (fields.length > 0) { jcv_handleErrors(fields, focusField); } return isValid; } /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*$RCSfile: validateIntRange.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */
/**
 * Check to see if fields is in a valid integer range.
 * Fields are not checked if they are disabled.
 * @param form The form validation is taking place on.
 */
function validateIntRange(form) {
    var isValid = true;
    var focusField = null;
    var i = 0;
    var fields = new Array();
    var oRange = eval('new ' + jcv_retrieveFormName(form) + '_intRange()');
    for (var x in oRange) {
        if (!jcv_verifyArrayElement(x, oRange[x])) {
            continue;
        }
        var field = form[oRange[x][0]];
        if (jcv_isFieldPresent(field)) {
            var value = '';
            if (field.type == 'hidden' || field.type == 'text' || field.type == 'textarea' || field.type == 'radio' ) {
                value = field.value;
            }
            if (field.type == 'select-one') {
                var si = field.selectedIndex;
                if (si >= 0) {
                    value = field.options[si].value;
                }
            }
            if (value.length > 0) {
                var iMin = parseInt(oRange[x][2]("min"));
                var iMax = parseInt(oRange[x][2]("max"));
                var iValue = parseInt(value, 10);
                if (!(iValue >= iMin && iValue <= iMax)) {
                    if (i == 0) {
                        focusField = field;
                    }
                    fields[i++] = oRange[x][1];
                    isValid = false;
                }
            }
        }
    }
    if (fields.length > 0) {
        jcv_handleErrors(fields, focusField);
    }
    return isValid;
}

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.
You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*$RCSfile: validateInteger.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */
/**
 * Check to see if fields are a valid integer.
 * Fields are not checked if they are disabled.
 * @param form The form validation is taking place on.
 */
function validateInteger(form) {
    var bValid = true;
    var focusField = null;
    var i = 0;
    var fields = new Array();
    var oInteger = eval('new ' + jcv_retrieveFormName(form) + '_IntegerValidations()');
    for (var x in oInteger) {
        if (!jcv_verifyArrayElement(x, oInteger[x])) {
            continue;
        }
        var field = form[oInteger[x][0]];
        if (!jcv_isFieldPresent(field)) {
            continue;
        }
        if ((field.type == 'hidden' || field.type == 'text' || field.type == 'textarea' || field.type == 'select-one' || field.type == 'radio')) {
            var value = '';
            // get field's value
            if (field.type == "select-one") {
                var si = field.selectedIndex;
                if (si >= 0) {
                    value = field.options[si].value;
                }
            } else {
                value = field.value;
            }
            if (value.length > 0) {
                if (!jcv_isDecimalDigits(value)) {
                    bValid = false;
                    if (i == 0) {
                        focusField = field;
                    }
                    fields[i++] = oInteger[x][1];
                } else {
                    var iValue = parseInt(value, 10);
                    if (isNaN(iValue) || !(iValue >= -2147483648 && iValue <= 2147483647)) {
                        if (i == 0) {
                            focusField = field;
                        }
                        fields[i++] = oInteger[x][1];
                        bValid = false;
                    }
                }
            }
        }
    }
    if (fields.length > 0) {
        jcv_handleErrors(fields, focusField);
    }
    return bValid;
}

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*$RCSfile: validateCreditCard.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */
/**
 * Check to see if fields are a valid creditcard number based on Luhn checksum.
 * Fields are not checked if they are disabled.
 * @param form The form validation is taking place on.
 */
function validateCreditCard(form) {
    var bValid = true;
    var focusField = null;
    var i = 0;
    var fields = new Array();
    var oCreditCard = eval('new ' + jcv_retrieveFormName(form) + '_creditCard()');
    for (var x in oCreditCard) {
        if (!jcv_verifyArrayElement(x, oCreditCard[x])) {
            continue;
        }
        var field = form[oCreditCard[x][0]];
        if (!jcv_isFieldPresent(field)) {
            continue;
        }
        if ((field.type == 'text' || field.type == 'textarea') && (field.value.length > 0)) {
            if (!jcv_luhnCheck(field.value)) {
                if (i == 0) {
                    focusField = field;
                }
                fields[i++] = oCreditCard[x][1];
                bValid = false;
            }
        }
    }
    if (fields.length > 0) {
        jcv_handleErrors(fields, focusField);
    }
    return bValid;
}

/**
 * Checks whether a given credit card number has a valid Luhn checksum.
 * This allows you to spot most randomly made-up or garbled credit card numbers immediately.
 * Reference: http://www.speech.cs.cmu.edu/~sburke/pub/luhn_lib.html
 */
function jcv_luhnCheck(cardNumber) {
    if (jcv_isLuhnNum(cardNumber)) {
        var no_digit = cardNumber.length;
        var oddoeven = no_digit & 1;
        var sum = 0;
        for (var count = 0; count < no_digit; count++) {
            var digit = parseInt(cardNumber.charAt(count));
            if (!((count & 1) ^ oddoeven)) {
                digit *= 2;
                if (digit > 9) digit -= 9;
            };
            sum += digit;
        };
        if (sum == 0) return false;
        if (sum % 10 == 0) return true;
    };
    return false;
}

function jcv_isLuhnNum(argvalue) {
    argvalue = argvalue.toString();
    if (argvalue.length == 0) {
        return false;
    }
    for (var n = 0; n < argvalue.length; n++) {
        if ((argvalue.substring(n, n+1) < "0") || (argvalue.substring(n,n+1) > "9")) {
            return false;
        }
    }
    return true;
}

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*$RCSfile: validateEmail.js,v $ $Rev: 478676 $ $Date: 2006-11-23 21:35:44 +0000 (Thu, 23 Nov 2006) $ */
/**
 * Check to see if fields are a valid email address.
 * Fields are not checked if they are disabled.
 * @param form The form validation is taking place on.
 */
function validateEmail(form) {
    var bValid = true;
    var focusField = null;
    var i = 0;
    var fields = new Array();
    var oEmail = eval('new ' + jcv_retrieveFormName(form) + '_email()');
    for (var x in oEmail) {
        if (!jcv_verifyArrayElement(x, oEmail[x])) {
            continue;
        }
        var field = form[oEmail[x][0]];
        if (!jcv_isFieldPresent(field)) {
            continue;
        }
        if ((field.type == 'hidden' || field.type == 'text' || field.type == 'textarea') && (field.value.length > 0)) {
            if (!jcv_checkEmail(field.value)) {
                if (i == 0) {
                    focusField = field;
                }
                fields[i++] = oEmail[x][1];
                bValid = false;
            }
        }
    }
    if (fields.length > 0) {
        jcv_handleErrors(fields, focusField);
    }
    return bValid;
}

/**
 * Reference: Sandeep V. Tamhankar (stamhankar@hotmail.com),
 * http://javascript.internet.com
 */
function jcv_checkEmail(emailStr) {
    if (emailStr.length == 0) {
        return true;
    }
    // TLD checking turned off by default
    var checkTLD=0;
    var knownDomsPat=/^(com|net|org|edu|int|mil|gov|arpa|biz|aero|name|coop|info|pro|museum)$/;
    var emailPat=/^(.+)@(.+)$/;
    var specialChars="\\(\\)><@,;:\\\\\\\"\\.\\[\\]";
    var validChars="\[^\\s" + specialChars + "\]";
    var quotedUser="(\"[^\"]*\")";
    var ipDomainPat=/^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/;
    var atom=validChars + '+';
    var word="(" + atom + "|" + quotedUser + ")";
    var userPat=new RegExp("^" + word + "(\\." + word + ")*$");
    var domainPat=new RegExp("^" + atom + "(\\."
        + atom +")*$");
    var matchArray=emailStr.match(emailPat);
    if (matchArray==null) {
        return false;
    }
    var user=matchArray[1];
    var domain=matchArray[2];
    for (i=0; i<user.length; i++) {
        if (user.charCodeAt(i)>127) {
            return false;
        }
    }
    for (i=0; i<domain.length; i++) {
        if (domain.charCodeAt(i)>127) {
            return false;
        }
    }
    if (user.match(userPat)==null) {
        return false;
    }
    var IPArray=domain.match(ipDomainPat);
    if (IPArray!=null) {
        for (var i=1;i<=4;i++) {
            if (IPArray[i]>255) {
                return false;
            }
        }
        return true;
    }
    var atomPat=new RegExp("^" + atom + "$");
    var domArr=domain.split(".");
    var len=domArr.length;
    for (i=0;i<len;i++) {
        if (domArr[i].search(atomPat)==-1) {
            return false;
        }
    }
    if (checkTLD && domArr[domArr.length-1].length!=2 && domArr[domArr.length-1].search(knownDomsPat)==-1) {
        return false;
    }
    if (len<2) {
        return false;
    }
    return true;
}
//End -->
</script>
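Reposting someone else's post:
08_Using the JavaScript validation feature of the Validator framework
Q: If there is already front-end JavaScript validation, why use the Validator framework for back-end validation?
A: For security. Some hackers bypass the front-end JS validation; in addition, the Validator framework can also generate the corresponding JS code.
A demonstration follows: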
<html>
<head>
<title>JSP for UserForm form</title>
<html:javascript formName="userForm"/>
</head>
<body>
…
<html:form action="/RegUser" onsubmit="return validateUserForm(this)">
</html:form>
</body>
</html>
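PPT lecture notes
To use Validator's JavaScript validation feature, use the Struts <html:javascript formName="xxx"> tag in the JSP page, where xxx is the name of a validation form, and call "return validateXxx()" in the onsubmit attribute of the form to be validated. The validateXxx method name can be changed through the method attribute of <html:javascript>.
To generate front-end JavaScript validation code for a form that corresponds to a ValidatorActionForm, you can use code like the following:
<html:javascript formName="/logon" />
Here formName is exactly the same as the name of the validation form, while the generated JavaScript method is named after the form bean.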
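The short-circuit issue in Validator's JavaScript validation
There is one more issue with the JavaScript validation generated by the Struts validator. Let's look at the effect first: when nothing is filled in, only one dialog pops up; when the password is too short, two dialogs pop up. The pattern visible from these two dialogs is that the messages for all form fields that violate the same validation rule are shown in one dialog. There is really no need to show several dialogs at once. We want only the first dialog to pop up, and the content of the second dialog to pop up on its own only after the problem reported in the first has been fixed. This is the JavaScript short-circuit feature; the Struts validator documentation explains it in the part about plug-in configuration.
Because our configuration file sets stopOnFirstError, the feature available since Struts 1.2 is used: all the error dialogs pop up.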
<plug-in className="org.apache.struts.validator.ValidatorPlugIn">
    <set-property property="pathnames" value="/WEB-INF/validator-rules.xml,/WEB-INF/validation.xml" />
    <set-property property="stopOnFirstError" value="false" />
</plug-in>
Remove the stopOnFirstError property, or set it to true:
<plug-in className="org.apache.struts.validator.ValidatorPlugIn">
    <set-property property="pathnames" value="/WEB-INF/validator-rules.xml,/WEB-INF/validation.xml" />
</plug-in>
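The default is the short-circuit configuration: only the first error dialog pops up, and the show-everything feature available since Struts 1.2 is not used.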
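The two stopOnFirstError modes described above, as an added example that is not part of the original post or of Struts. The validators are constructed stand-ins that follow the page's rule of one dialog per failing validation rule; the names makeValidators, runShortCircuit and runAll are hypothetical, and running every validator is modelled here with the bitwise & operator, which is an assumption.

```javascript
// Constructed stand-ins for the generated validators (not Struts' own code).
// As on the page, each validator puts every field that breaks its rule
// into ONE dialog, so the number of dialogs equals the number of failing rules.
function makeValidators(form, dialogs) {
  function report(msgs) {
    if (msgs.length > 0) { dialogs.push(msgs.join("\n")); }
    return msgs.length === 0;
  }
  function text(name) { return String(form[name] || ""); }
  return {
    validateRequired: function () {
      return report(["username", "password"]
        .filter(function (n) { return text(n).trim().length === 0; })
        .map(function (n) { return n + " is required."; }));
    },
    validateMinLength: function () {
      // Empty fields are skipped here and left to validateRequired.
      return report(["username", "password"]
        .filter(function (n) { return text(n).trim().length > 0 && text(n).length < 3; })
        .map(function (n) { return n + " can not be less than 3 characters."; }));
    },
    validateEmail: function () {
      // Simplified pattern, a stand-in for jcv_checkEmail.
      var bad = text("email").length > 0 && !/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(text("email"));
      return report(bad ? ["email is an invalid e-mail address."] : []);
    }
  };
}

// stopOnFirstError absent or true: && stops at the first failing validator.
function runShortCircuit(form) {
  var dialogs = [];
  var v = makeValidators(form, dialogs);
  var ok = v.validateRequired() && v.validateMinLength() && v.validateEmail();
  return { ok: ok, dialogs: dialogs };
}

// stopOnFirstError=false: every validator runs (modelled with bitwise &).
function runAll(form) {
  var dialogs = [];
  var v = makeValidators(form, dialogs);
  var result = v.validateRequired() & v.validateMinLength() & v.validateEmail();
  return { ok: result === 1, dialogs: dialogs };
}

// Constructed sample input: both fields too short, e-mail malformed.
var sample = { username: "ab", password: "x", email: "not-an-email" };
console.log(runShortCircuit(sample).dialogs.length, runAll(sample).dialogs.length);
```

Either mode only changes how many dialogs the user sees. Because the front-end JS can be bypassed, as the answer above notes, the back-end Validator run remains the actual check.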