good day,
a recent technical support incident conducted remotely and
involving a lot of back and forth of "huh? but i have entered
what you sent me" left me my head scratching.
the reason turned out to be a trailing space in the username of
the django admin loginform (thank god for nginx's "$request_body"
log_format parameter).
this of course sent me on an archeological journey into the lands
of stackoverflow, blogs, and finally #6362 and this mailing list.
it has been some 5 years now since the decision on that
controversial ticket.
i also went through the whole emotianal rollercoaster:
how come, so many batteries are included, but when it comes to
this essential POST best practice, i needed in every single
webform i have ever made, and now i have to do it myself?
error-prone and not DRY. especially for the admin login form,
it is a usability issue.
vs
the BDFL is right, silently discarding user input is just wrong.
just use a package like happyforms[1], or pick a stackoverflow
answer and be done with it.
but wait, then HTML is also wrong, because it silently folds all
whitespace into 1 piece of space, we are all used to this. even
if the user entered whitespace is saved, pushing it back onto the
web will silently corrupt it (unless taken care of). i am not
saying this requirement does not exist for someone, somewhere,
but i have yet to see a site in the wild that needs this (hello,
ascii art people). whitespace in fields was always reserved for
government sites :)
it seems to me that there is a vocal group (majority?) that would
welcome a simple switch to make whitespace go away _now_, instead
of waiting for that perfect solution lurking in the future along
the lines of a generic normalize kwarg, or a flag on _every_
{Char,Text}Field on the model or overriding form.fields
attributes like required.
apps that need to preserve the whitespace are the exception,
not the rule, and that is why i would prefer not to start every
project by overriding BaseForm._clean_fields[2].
so i would like to present another idea for a possibe solution, a
proposal i have not seen so far: to have a global setting like
FORM_STRIP_FIELDS=True or some such and then roughly:
diff --git a/django/forms/forms.py b/django/forms/forms.py
index c9b8cf2..aab737a 100644
--- a/django/forms/forms.py
+++ b/django/forms/forms.py
@@ -8,6 +8,7 @@ from collections import OrderedDict
import copy
import datetime
+from django.conf import settings
from django.core.exceptions import ValidationError, NON_FIELD_ERRORS
from django.forms.fields import Field, FileField
from django.forms.utils import flatatt, ErrorDict, ErrorList
@@ -355,6 +356,8 @@ class BaseForm(object):
if isinstance(field, FileField):
initial = self.initial.get(name, field.initial)
value = field.clean(value, initial)
+ elif isinstance(value, basestring) and settings.FORM_STRIP_FIELDS:
+ value = field.clean(value.strip())
else:
value = field.clean(value)
self.cleaned_data[name] = value
i know, it is a big hammer, but for me, it is like the timezone,
or csrf, i'd like to just set it, and forget about it.
-f
[1]
https://pypi.python.org/pypi/happyforms
[2]
http://chriskief.com/2012/12/21/trim-spaces-in-django-forms/
--
nobody can be exactly like me. even i have trouble doing so.