p_W wrote:
> So this won't fix the problem of user input outside the browser, but
> what about implementing the date fields as <select>'s instead of text
> fields? You will still have to sanitize the data but at least you
> have defined the format in which the user inputs it through the
> browser.

I recommend this setup for date entry since it does help a little with the input sanitizing: When you use a Select tag, the user input options are known values and it allows you to be much more aggressive and unforgiving with your input validation. Text box input requires some fuzzy acceptance of values, but a Select/Options list does not - you can validate against a fixed set of values and anything else must have come from a Bad Guy.

- Aaron
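
The fixed-set check described in the message above, as an added example that is not part of the original thread. The helper name `parse_select_date`, the `TamperedInput` class, the parameter keys and the year range are assumptions; it also assumes the form's option values are unpadded decimal strings.

```ruby
require 'date'

# Hypothetical helper (not from the thread): strict server-side validation
# of the three values a year/month/day <select> trio can submit.
# Assumption: the form rendered exactly these option values.
ALLOWED_YEARS  = (2000..2030).map(&:to_s).freeze
ALLOWED_MONTHS = (1..12).map(&:to_s).freeze
ALLOWED_DAYS   = (1..31).map(&:to_s).freeze

# Raised when a value could not have come from the rendered options.
class TamperedInput < StandardError; end

def parse_select_date(params)
  fields = { 'year' => ALLOWED_YEARS, 'month' => ALLOWED_MONTHS, 'day' => ALLOWED_DAYS }
  values = fields.map do |name, allowed|
    raw = params[name]
    # Exact string match only: no strip, no to_i coercion ("12abc".to_i == 12),
    # and arrays or nested hashes in place of a scalar are rejected outright.
    unless raw.is_a?(String) && allowed.include?(raw)
      raise TamperedInput, "#{name} is not one of the rendered options"
    end
    raw.to_i
  end
  # Each part can be a legal option while the combination is not (Feb 31).
  # A normal browser user can produce this, so it is reported as a user
  # error rather than as tampering.
  raise ArgumentError, 'no such calendar date' unless Date.valid_date?(*values)
  Date.new(*values)
end
```

Keeping `TamperedInput` separate from the ordinary `ArgumentError` lets the application log or alert on values a browser could not have sent while still showing a normal validation message for impossible dates.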

