QuackFuzed [ Ramblings of a Con..ColdFuzed Mind ]

cfUniForm v3.3 - Client-Side Cancel Redirect and Cancel Button Bug Fix

Posted on February 27, 2009 at 7:34 AM in Uni-Form Tag Library

One of the questions that I have been asked repeatedly is

"Why does the cancel button still submit the form?"

Well, as of today, you have the option of changing that behavior.

New Feature: The cancelAction Attribute

You can now pass a URL to cfUniForm via the brand new 'cancelAction' attribute. You may pass a full URL, like so...

1. <uform:form action="#cgi.script_name#"
2. id="myDemoForm"
3. cancelAction="http://www.domain.com/index.cfm">

... or you may pass just a file name, like so...

1. <uform:form action="#cgi.script_name#"
2. id="myDemoForm"
3. cancelAction="index.cfm">

If a value is passed, cfUniForm will add it to the rendered JavaScript so that a click of the cancel button will redirect client-side, skipping the default action. It should be noted that this is handled by setting the window.location.href, so if you provide an invalid value, you'll probably end up with some rather strange behavior.

Bug Fix: Cancel Button + Validation

When validation rules were added via the validationSetup attribute, clicking the cancel button would still cause validation routines to run. This bug has been fixed, and the cancel button now bypasses validation.

As always, be sure to download the latest and visit the cfUniForm demos.

Comments

(Comment Moderation is enabled. Your comment will not appear until approved.)

On 3/2/09 at 2:51 PM, Mary Jo said:

Great addition, that will definitely come in handy, thanks!

On 3/3/09 at 5:26 AM, John said:

Hi,
It could be cool if you can format the value in a text field with HTMLEditFormat to prevent XSS attacks.
cfinput does this no ?

On 3/3/09 at 5:52 AM, Matt Quackenbush said:

@ Mary Jo - Thanks for the kind words.

@ John - First of all, cfUniForm does not use cfform or any of the cfform-related tags.

As far as HTMLEditFormat() goes, in my opinion that is not the responsibility of a form library. Some forms should allow HTML and/or JavaScript to be entered, and some should not. As a matter of fact, I have a number of forms in various projects that allow HTML and/or JavaScript in some fields but not in others. I leave that decision up to the developer since only they know the requirements for the application that they are building.

In my applications I typically handle this by having a UDF that goes through the fields that don't allow HTML/JavaScript, and strips out any and all offending items. As far as I am concerned, if the field does not allow it, then entering

&lt;script&gt; // bad stuff here &lt;/script&gt;

into my database is equally as bad as entering the real thing. I don't want any of it, so I strip it in its entirety.

On 3/3/09 at 5:56 AM, Matt Quackenbush said:

@ John - By the way, I forgot to mention, if you don't want to allow HTML/JavaScript in *any* of your forms, just turn on XSS script protection in CF. If you're using Application.cfc, just add

this.scriptProtect = true

If you're using Application.cfm, then add the scriptprotect="true" to the cfapplication tag.

On 3/3/09 at 9:05 AM, Scott Stroz said:

@Matt - any chance the 'cancelAction' could be used to fire off some JS?

I am starting on a project that will be using uniForm with jQuery UI, specifically the dialogs. On forms that are being displayed in the dialog, the 'cancel' button woudl need to close the dialog rather than redirect to a URL.

On 3/3/09 at 5:04 PM, Matt Quackenbush said:

@ Scott - There is currently no support for that in cfUniForm, but I shall put it on the list of future enhancements to look at. In the meantime, there are two options that come to mind:

1) Do not use the 'cancelAction' attribute, and insert a <script> after the closing </uform:form> tag that adds the close trigger to the cancel button.

2) Use showCancel="false" and add a text close trigger to the markup.

HTH

On 4/3/09 at 8:15 AM, dickbob said:

@Matt - Could you also consider a showSubmit="true/false" option?

I have "view" pages where only a cancel button is appropriate.

On 4/3/09 at 10:33 AM, dickbob said:

Ah, looks like I should correct my comment. There is a showSubmit option (it wasn't listed in the Attributes section of form.cfm) but exists later in the script. The only prob is that setting it to false stops any button from being displayed including cancel.

I might have a go a changing the logic and submit the change back to you Matt.

On 4/3/09 at 2:56 PM, David said:

Is there a reason cfuniform lacks a name attribute on the form tag?

On 4/4/09 at 12:06 AM, Matt Quackenbush said:

@ dickbob - I'll have a look at it when I get a chance. Thanks.

@ David - Sure. I use jQuery. Everything is selected by ID or class. In other words, I don't use and never will use a form name again, so I didn't include it. :-)

On 4/9/09 at 10:51 AM, dickbob said:

@Matt - Can I +1 to Scott's suggestion of a JS option for the 'cancelAction' event for the same reasons.

In the meanwhile I'll investigate your suggestions.

On 5/4/09 at 12:42 PM, Steve Weyrick said:

I just stumbled upon cfUniform today, and I viewed the demo. This looks really neat, thanks for making form validation really simple and easy to handle in ColdFusion.

On 9/8/11 at 6:58 PM, erik said:

Is there a way for cfuniform to launch in a new window upon submit buttom is clicked

On 9/8/11 at 9:43 PM, Matt Quackenbush said:

@ Erik - No, that is beyond the scope of cfUniForm's concerns. However, you can do it quite simply by just adding a bit of JavaScript, just like you'd do with any non-cfUniForm form. :-)

On 9/8/11 at 11:39 PM, erik said:

How would I do that

[Add Comment]