I have a form and a submit function in my client file:
function submitme () {
    var message = $('#daform').serializeJSON();
    message.owner = Meteor.user().username;
    if (!message.description || !message.location.lat || !message.location.lng || !message.mysex || !message.yoursex) {
        return;
    }
    else
    {
        lists.insert(message);
        console.log("Submitted!");
        $('#daform')[0].reset();
    }
}
That works pretty well although - it's CLIENT side validation => not secure.
How do I implement a "back-up" validation check in my server file? ( + bonus question : how do I set a timer so that once you've submitted you need to wait X seconds before you re-submit? )
When you enter data, the browser and/or the web server will check to see that the data is in the correct format and within the constraints set by the application. Validation done in the browser is called client-side validation, while validation done on the server is called server-side validation.
In server-side validation, the input submitted by the user is sent to the server and validated using a server-side scripting language such as ASP.NET or PHP. After validation on the server, the feedback is sent back to the client in a new, dynamically generated web page.
Server-side validation helps prevent users from bypassing validation by disabling or changing the client script. Security Note: By default, ASP.NET Web pages automatically validate that malicious users are not attempting to send script or HTML elements to your application.
Always! Web technologies have evolved a lot in the past few years, both on the server-side as well as on the client's side. There are many web frameworks, UI kits, JavaScript libraries and everything you need to easily and rapidly develop a website or web application.
You can use http://docs.meteor.com/#deny (you can use allow, but it might be easier to put validation stuff in a separate deny), as deny will override allow in the event it shouldn't be inserted:
It works just as a backup method on the server just before it's inserted.
With your message collection
Server Js
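// "message" stands for your collection object (lists in the question's code).
message.deny({
    // Return true to reject the insert.
    insert: function (userId, doc) {
        return (!doc.description || !doc.location || !doc.location.lat || !doc.location.lng || !doc.mysex || !doc.yoursex);
    },
    // doc is the stored document as it is before the modifier is applied.
    update: function (userId, doc, fields, modifier) {
        return (!doc.description || !doc.location || !doc.location.lat || !doc.location.lng || !doc.mysex || !doc.yoursex);
    }
});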
Note: Returning false from deny means not to deny. To deny the update, you must return true.
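An added example, not part of the original answer: the same server-side check written as plain functions that a deny rule can call, extended to cover the bonus question with a per-user cooldown. The names validateListing, makeCooldown and makeDenyInsert and the 30-second value are assumptions, and the cooldown state lives in the memory of a single server process. Unlike the truthiness checks above, it accepts a latitude or longitude of 0.

```javascript
// Added example: plain functions that a Meteor deny rule can call.
// validateListing, makeCooldown and makeDenyInsert are hypothetical names.

// True for a finite number (or numeric string) within [min, max].
function inRange(value, min, max) {
  if (typeof value === 'string' && value.trim() === '') return false;
  if (typeof value !== 'number' && typeof value !== 'string') return false;
  var n = Number(value);
  return Number.isFinite(n) && n >= min && n <= max;
}

// Returns a list of problems; an empty list means the document is acceptable.
function validateListing(doc) {
  if (!doc || typeof doc !== 'object') return ['not an object'];
  var errors = [];
  ['description', 'mysex', 'yoursex'].forEach(function (field) {
    if (typeof doc[field] !== 'string' || doc[field].trim() === '') {
      errors.push(field + ' missing');
    }
  });
  var loc = doc.location || {};
  // Range checks instead of truthiness: 0 is a valid latitude/longitude.
  if (!inRange(loc.lat, -90, 90)) errors.push('location.lat invalid');
  if (!inRange(loc.lng, -180, 180)) errors.push('location.lng invalid');
  return errors;
}

// Per-user cooldown kept in server memory (assumption: one server process).
function makeCooldown(seconds) {
  var lastAccepted = new Map();
  return function allowed(userId, nowMs) {
    var last = lastAccepted.get(userId);
    if (last !== undefined && nowMs - last < seconds * 1000) return false;
    lastAccepted.set(userId, nowMs);
    return true;
  };
}

// Builds a function with deny-rule semantics: returning true rejects the insert.
function makeDenyInsert(cooldownSeconds, clock) {
  var allowed = makeCooldown(cooldownSeconds);
  return function denyInsert(userId, doc) {
    if (!userId) return true;                          // not logged in
    if (validateListing(doc).length > 0) return true;  // bad data
    return !allowed(userId, clock());                  // submitted too recently
  };
}

// On the server: lists.deny({ insert: makeDenyInsert(30, Date.now) });
```

Invalid submissions are rejected before the cooldown is consulted, so a rejected document does not start the waiting period.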