| « Prev | Page 1 | Page 2 | Next » |
Re: Thank You for Enabling JavaScript!
2009-12-09 09:01
•
by
rocco
(unregistered)
|
|
"thank you"
|
Re: Thank You for Enabling JavaScript!
2009-12-09 09:03
•
by
rocco
(unregistered)
|
|
attempting the dreaded comment, i got:
Not sure what it was, but it was logged. A human will eventually look at it. If the problem persists, please Contact Us. If the problem is on the contact form, then ... well ... that pretty much sucks. You can email instead: alexp-at-WorseThanFailure.com. |
|
Maintainability be damned! D:<
|
Re: Thank You for Enabling JavaScript!
2009-12-09 09:13
•
by
JavaScript
(unregistered)
|
you're welcome |
Re: Thank You for Enabling JavaScript!
2009-12-09 09:18
•
by
Unicode
(unregistered)
|
|
Thank you for properly supporting me. ಠ_ಠ
|
Re: Thank You for Enabling JavaScript!
2009-12-09 09:20
•
by
SR
(unregistered)
|
Welcome to TDWTF. It does that. Just keep hitting Back then Submit until it goes through. My personal best is 4 attempts but I'm sure other users can beat me in that particular pissing contest. CAPTCHA: erat (Borat's brother?) |
Re: Thank You for Enabling JavaScript!
2009-12-09 09:26
•
by
Farmer Innes-D'en
(unregistered)
|
|
TRWTF is that anybody assumes client-side Javascript to have done any validation for them. No, really. Page one, people, page one.
|
|
Sorry, but this is probably the biggest non-WTF I've ever seen on this site.
I think someone is clearly confusing "Not everyone runs JavaScript" with "No-one runs JavaScript". Where is this article is there any suggestion that there is not additional validation of data conducted on the server? Clearly the intention of this function (which admittedly has changed since it was named - possibly the only vague WTF in the article) is to tell when a user is attempting to enter an invalid character and provide immediate feedback to the user without requiring a round trip to the server. Last time I checked this is a good thing. There's plenty of WTFs out there to do with JavaScript, but simply using JS to provide additional functionality to a user is most definitely not one of them. |
Re: Thank You for Enabling JavaScript!
2009-12-09 09:29
•
by
Forumtroll
(unregistered)
|
|
This allmost beats the Regex pattern (as seen on our intranet website):
Regex reg = new Regex(@"^\K*$"); if(reg.IsMatch(txtPStrField13.Text)) pfuncInformUser(txtPStreField13); I am not sure what is the most abrasive to my eyes and mind, be it the hillarious regex, or the mindraping abuse of several notations blended into one. The worst of it is, txtPStrField13 is hidden by hardcode. CAPTCHA: conventio! Is is at convent or IO or both? |
|
What did you expect, C#Scrpit? Pah!
|
|
The function is horribly mis-named, but the author doesn't seem to think that's a very big deal. So the WTF is using Javascript to perform input validation? Lame.
|
Re: Thank You for Enabling JavaScript!
2009-12-09 09:37
•
by
eViLegion
(unregistered)
|
|
Is the real WTF the fact that this got posted in the first place?
|
Re: Thank You for Enabling JavaScript!
2009-12-09 09:40
•
by
JuanCarlosII
|
You don't seem to understand. Using JavaScript for anything at all is wrong because someone might not have it enabled. Repeat: everything you ever thought you knew about progressive enhancement is wrong. |
|
Maybe I'm a moran, but I don't see the WTF here. Maybe that means I'm TRWTF.
|
Re: Thank You for Enabling JavaScript!
2009-12-09 09:50
•
by
SR
(unregistered)
|
Dylan Moran? Kevin Moran? CAPTCHA: damnum (if they can't take a joke) |
Re: Thank You for Enabling JavaScript!
2009-12-09 09:54
•
by
NetBen
(unregistered)
|
|
This is a WTF if this is THE only user input validation.
This is NOT a WTF if this function is part of enhancing user experience. Both factors unknown, so useless article. |
Re: Thank You for Enabling JavaScript!
2009-12-09 10:02
•
by
Petrus
(unregistered)
|
|
I say - this is truly a WTF.
Everyone knows that all input-validation should be done serverside, and only serverside. In case a user enters invalid characters in a textfield, the server should simply return a: "error 503 - invalid character(s)" message, and allow the user to guess which character(s) was invalid and why! |
Re: Thank You for Enabling JavaScript!
2009-12-09 10:07
•
by
akatherder
|
Then make sure they have javascript.
|
Re: Thank You for Enabling JavaScript!
2009-12-09 10:08
•
by
javabeats
(unregistered)
|
|
Hmm... well, what if the round trip is an expensive process that takes some time? You could spare the end user from the wait by using client side validation.
(2nd attempt) |
Re: Thank You for Enabling JavaScript!
2009-12-09 10:10
•
by
Callin
|
This says it all. |
Re: Thank You for Enabling JavaScript!
2009-12-09 10:11
•
by
Neville Flynn
(unregistered)
|
|
This is not a WTF unless you add this sentence to the article: "Oh, and they don't perform validation on the server."
By the way, would that JS stop someone from pasting in invalid text? Or does it only work if the user manually types in invalid text? |
Re: Thank You for Enabling JavaScript!
2009-12-09 10:12
•
by
John C. Random
(unregistered)
|
To take that to its logical conclusion, writing software at all is wrong, because someone might not use it. |
Re: Thank You for Enabling JavaScript!
2009-12-09 10:13
•
by
John C. Random
(unregistered)
|
That's no "by the way", it's a concrete example of your first point. There's nothing to stop malicious users hand-whittling the HTTP POST, shitty data and all. |
Re: Thank You for Enabling JavaScript!
2009-12-09 10:14
•
by
Anonymous
(unregistered)
|
What if I call process.php with my own POST variables? :) |
Re: Thank You for Enabling JavaScript!
2009-12-09 10:18
•
by
tetsu
(unregistered)
|
|
TWTF is that there is a function named "numbersonly" that takes three parameters: a field, an event, and a number. Why it takes these three parameters is not obvious. It acts like a real-time input handler, which isn't necessary.
It purports to return True or False depending on if the characters (or single input character, in this case) is a number. Instead, it changes the form and input behavior. The function is tied to the form, tied exclusively to that field, and afaik is called infinitely, because of that last 'else true' that lets you have no myfield or event but still return true as if the input is considered a 'number'. tl;dr It's a boolean utility function that changes the state. Changes the state in ways it never suggests it would. Like allowing alphas and question marks. |
|
ha!
At least this code CAN make sense. i found this script on the wild wild web: <script> if (typeof(window.parent.refreshSessionNoFlash)=="function") { window.parent.refreshSessionNoFlash(); } window.parent.document.getElementById('header-user-details').innerHTML = '<li><a href="/switch">Sign Up/In </a></li>' + '<li><a href="/account" target="_self">My Account</a></li>'; if (typeof(window.parent.showError)=="function") { window.parent.showError ("Your flash player seems to be outdated. You either have JavaScript disabled or an old version of" + " Adobe's Flash Player To use WatchDox please get the latest Flash Player."); } <script> |
|
I:APOSTROPHE:ve had the misfortune to have to fill in a problem:HYPHEN:description form for a :OPENBRACKET:major:CLOSEBRACKET: consumer hardware manufacturer that, while asking for a complete report on why I wanted them to repair my laptop, forbade :OPENBRACKET:server:HYPHEN:side:CLOSEBRACKET: almost all non:HYPHEN:alphanumerics :DASH: the procedure was apparently just to keep removing characters until it stopped giving :QUOTE:Illegal character:QUOTE: errors. Is this typical:QUESTIONMARK:
|
Re: Thank You for Enabling JavaScript!
2009-12-09 10:25
•
by
dkf
|
The eyes have it! (Or they would if the fonts on this system had glyphs for Kannada…) |
Re: Thank You for Enabling JavaScript!
2009-12-09 10:30
•
by
dkf
|
Oh, it has plenty of WTF!s in it even without knowing whether it is the only validation. My favourite that I've seen so far is that bit with checking if it's processing decimal and, if so, comparing to see if the key was a period. When that character is a member of set of chars checked for previously. Thankfully, the test wouldn't lead to an observable outcome anyway, since it's just choosing whether to return false, or to instead return false. Vital decision, that… (Yes, there's a focus change in there. Anyone want to bet which element would be focused on at that point?) |
Re: Thank You for Enabling JavaScript!
2009-12-09 10:44
•
by
Stupid in JS
(unregistered)
|
|
Am I being stupid, or it will never get to this:
else if (dec && (keychar == ".")) { myfield.form.elements[dec].focus(); return false; } as the "." char would've been captured by the indexof just above. And in that case (if it's not one of the "invalid for which it return true" chars), it'd always return false. |
Re: Thank You for Enabling JavaScript!
2009-12-09 10:58
•
by
JuanCarlosII
|
I don't think that anyone's claiming this isn't some pretty bad code, but there's a big gap between bad code and WTF. Generally, if I have to go through the code line-by-line looking for unused elseif statements to try and find a WTF then there isn't one there at all. On the other hand, can anyone tell me what's so bad about allowing ☺? |
Re: Thank You for Enabling JavaScript!
2009-12-09 11:03
•
by
akatherder
|
You would be fine or you would get a syntax error. If you're fine, my job is done. If you get a syntax error, then you don't know what you're doing. |
Re: Thank You for Enabling JavaScript!
2009-12-09 11:21
•
by
BLs
(unregistered)
|
I had a similar problem a couple weeks back. They kept giving me an illegal character error. I finally figured out something else was going on when I'd removed everything from my comments except plain letters and spaces and still got the error. After slogging through their massive amount of obscure javascripts I finally found the function causing the problem. It turned out that my comments were longer than their limit. What's worse: enforcing a limit that you don't tell anyone about, doing it in a function that checks for bad characters, or reporting it as an illegal character error? |
Re: Thank You for Enabling JavaScript!
2009-12-09 11:24
•
by
Anonymously Yours
(unregistered)
|
This is a perfect example of why using sarcasm is wrong. I hope you learned something from this, JuanCarlosII. |
Re: Thank You for Enabling JavaScript!
2009-12-09 11:35
•
by
Anonymous
(unregistered)
|
|
People are defending this as reasonable client-side validation. But as far as I'm concerned, any validation that occurs on every keypress is fundamentally wrong. Why process every single key when you could just process the whole thing on submit? Unless it specifically needs to process every key press I would say that this is definitely a WTF. Not a major one, but a WTF nonetheless.
|
Re: Thank You for Enabling JavaScript!
2009-12-09 11:44
•
by
Complete Moron
(unregistered)
|
|
This code looks like complete shiite and is trying to do too much in a poorly written method. TRWTF is seeing actual value in deploying it, and that value as being worth more than the headache of maintaining this type of junk.
|
Re: Thank You for Enabling JavaScript!
2009-12-09 11:50
•
by
Fedaykin
(unregistered)
|
As long as the server side does *real* validation, then using client side code to provide a better use experience (e.g. instant validation of form fields without a round trip to the server) is a great and useful thing that should be encouraged. |
|
So yes, the code is ugly, it's obviously mutated from something else and is full of bits that aren't needed. And yes, it won't run at all if you have JavaScript turned off. But I agree with a lot of other posters that, assuming there is some validation done server side, it's not much of a WTF.
It there is any WTF, it's why do you need to validate the text in the "thank you note" text area with is presumably only going to be read by a human (other than escaping special characters)? Who cares if somebody wants to put a ☺ in the thank you note? |
Re: Thank You for Enabling JavaScript!
2009-12-09 12:50
•
by
Anon
(unregistered)
|
I see what you did there. Well played Anonymously Yours. |
Re: Thank You for Enabling JavaScript!
2009-12-09 13:00
•
by
mernen
|
On most browsers, pressing Enter on a form that has no explicit submit buttons will submit it either way. |
Re: Thank You for Enabling JavaScript!
2009-12-09 13:22
•
by
Zylon
|
Bob the Angry Flower would like a word with you, Mark. |
Re: Thank You for Enabling JavaScript!
2009-12-09 13:50
•
by
nimchimpsky
(unregistered)
|
|
Errm. Excuse my ignorance, I do plenty of form validation using javascript/ajax. Specifically ajax, it sends request to the server and validates data. I actually have a "validate" button - to check all data is hunky dory.
Then the whole form gets processed after validation. This enables informaitve feedback to be given to user (eg:you need to change field 1 before submitting) Discuss ... |
Re: Thank You for Enabling JavaScript!
2009-12-09 14:10
•
by
Jonathan Collins
(unregistered)
|
Ever heard of SQL injection? |
Re: Thank You for Enabling JavaScript!
2009-12-09 14:10
•
by
voyou
(unregistered)
|
No, it's not, it's an event handler, and as such it returns true or false depending on whether or not the event should be handled further. It has a badly chosen name, sure (both because the name doesn't make clear that it is an event handler, and because it suggests it limits input to numbers, rather than a broader range of characters). But reading the function, it's intent is perfectly clear. The fact that it doesn't do what you incorrectly think it should do, is your problem, not a problem in the code. |
Re: Thank You for Enabling JavaScript!
2009-12-09 14:55
•
by
Fedaykin
(unregistered)
|
Data scrubbing to avoid SQL injection = WTF |
Re: Thank You for Enabling JavaScript!
2009-12-09 14:58
•
by
Jonathan Collins
(unregistered)
|
Well... yes, but I doubt this shop is using parameterized queries. |
Re: Thank You for Enabling JavaScript!
2009-12-09 15:25
•
by
PRMan
(unregistered)
|
|
Is it wrong that the number one thing I got out of this article is that I just felt bad that the little guy didn't have a nose:
ಠೃಠ |
|
In this fine example of the programmer's art, you can feel the coder's desperate fear of unnecessary curly brackets, while the use of whitespace to separate 'if' from 'elseif' (but not other unrelated lines of code) imparts a whimsical air to the function as a whole, as if the author only used the 'else' blocks as an afterthought.
|
|
ಠ͜ಠ
|
Re: Thank You for Enabling JavaScript!
2009-12-09 16:05
•
by
kramthegram
|
|
Dear me! You forgot the colons!
Of course, I left out marking up the colons that mark up the colons, but I don't have infinity time to make up for your sloppy work. |
| « Prev | Page 1 | Page 2 | Next » |
rocco: