Web tier: servlets, JSP, Web frameworks: HTML Screen Scraping in JSP/HTML pages
- Posted by: Lalatendu Dash
- Posted on: May 26 2004 10:26 EDT
One of the possible requirements is that the end users would use HTML screen scrapers to access the application.
We would like to know the following:
* Can HTML screen scrapers modify the request data (and hence bypass the client side validations)?
* Are there any specific guidelines to be followed? e.g. server side validation?
Any kind of inputs on this will be highly appreciated.
Thanks in advance,
- HTML Screen Scraping in JSP/HTML pages by Matthew Wilson on May 26 2004 11:39 EDT
- HTML Screen Scraping in JSP/HTML pages by Paul Strack on May 26 2004 11:47 EDT
You should perform server-side validations in addition to client-side validations no matter what kind of web-app you are building. It is always possible to circumvent client-side validations.
Utilities like Jakarta's Validator framework can make this process easier: http://jakarta.apache.org/commons/validator/
Here is my general approach:
1. Client-side validations to make the user experience better.
2. Server-side validations to ensure data is valid. Often identical to client-side validations.
Thanks a lot for the valuable inputs !
I take your point that the validations need to be built in the server side, no matter whether they are there in the client side or not. Given this, would you be able to throw some lights on the following.
* Is there any generic guideline that can give me some details about how to implement the scenario when validations need to be there in both client as well as server sides ? Using the validator framework is one way of implemention. I am interested in a more generic form of the guidelines.
* Is there any standard method/tool for "testing" the system when validations are there in both client as well as server side ?
* In you third point you have mentioned about "Generation Tool" and "Regular Expressions". Can you please elaborate on this a bit ! What exactly are they ?
* While validating the data in the server side, apart from validating the data contents, should we need to put some extra validations like if the number of data fields are proper etc ?
Thanks and Regards,
Hmm. I am afraid I don't know of any articles specifically on this topic. It is a tough problem.
All of these are very difficult problems to solve. Rather than trying to build them from scratch, I suggest you take a look at the existing web frameworks to see how they are supported there. Struts is the most popular framework. Other frameworks (such as Tapestry and my own framework, Chrysalis) handle it as well.
Even if you do decide to build your own code to handle this, I suggest you look at one or more of those frameworks to see how they handle the problem.
Very valuable inputs !! Thanks a lot mate..