[cgiapp] Re: Usefulness of the FillInForm plugin since the
HTML::FillInForm 2.0 release?
mark at summersault.com
Mon Mar 30 12:08:52 EDT 2009
> I'm wondering if it's time to quit recommending the FillInForm plugin.
> The way I see it, it has about 3 features, all now of questionable value:
> 1. It provides a more convenient syntax than HTML::FillInForm 1.x did. These
> deficiences were fixed in HTML::FillInForm 2.0.
> 2. It defaults the data source to $self->query.
> I don't find that exceptionally useful. It could even be considered an security
> risk to be passing data unchecked from the query on to a new HTML page. Using a
> trusted data source like a Data::FormValidator result or a database row is
> usually a better option.
> 3. It automatically ignores the 'rm' field for you, by taking it as the value
> of mode_param(). That's a nice bit of integration, but it seems that
> mode_param() can work several different ways, and it won't always return the
> name of a query parameter that holds the name of the run mode call. This
> feature also adds no value in the context of dispatching.
Later I thought of one way that the FillInForm adds value: Purely the
abstraction of having a method we control rather than third-party module
I was thinking in particular about Titanium, which includes this plugin,
but also how there is an interest in a pure-perl alternative to
HTML::FillInForm (or rather, the HTML parser behind it).
By keeping a fill_form() method, we have extra flexibility in how we
achive that. We *may* achieve it by convincing the HTML::FillInForm
modules to support an alternative Pure Perl backend. But, but keeping
the method abstraction, we also have the possibility of implementing a
compatibile Pure Perl solution with a completely different module,
with full backcompat for Titanium users.
At least, we could clean-up how the FillInForm plugin is implemented. By
requiring HTML::FillInForm 2.0 for now, the guts of it could be
. . . . . . . . . . . . . . . . . . . . . . . . . . .
Mark Stosberg Principal Developer
mark at summersault.com Summersault, LLC
765-939-9301 ext 202 database driven websites
. . . . . http://www.summersault.com/ . . . . . . . .
More information about the cgiapp