rubyonrailsin

On 20 March 2010 18:52, Joshua Martin <josmar52789@gmail.com> wrote:
> The text_field should be disabled so that the user can't put it a
> random date without regard to the terms or invoice date.

So what stops them writing their own form and posting whatever value
they want? Or using some DOM manipulation tools (Firebug?) to tweak
the value?

If you are calculating the value of the field client-side using JS,
you shouldn't *trust* the returned params value server-side. It would
be trivial to re-do in the controller whatever calculation you're
doing on the client to guarantee the saved value is correct.

This would then allow you to do anything you like with the JS
client-side; update a text box as you are, or the contents of a span;
don't stress about whether the textbox is read-only (because you're
not using its return value), and worry less about whether the user's
browser has JS support at all...

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.