That's certainly true, but at the risk of getting off-topic, you'd be... living dangerously, let's say... to trust the form to check your data integrity. So you're likely going to be checking it server side anyway.

Personally, I like to see that included in forms, not for any application logic or dubious security reasons, but for the general level of ill will you'll generate by silently and ruthlessly obliterating the input from valid users. Preventing such behavior strikes me as a goal of both the presentation and business logics anyway.

Thats the trouble with html it's not always just about appearance. You know I'm sure I read somewhere that forms will be extended to include validation using xml schmas can't quite remember.

I do recognise that javascript and html validation usually creeps into templates and thus puts logic and code into them.

You can usually use file includes to extract most of the javascript out though and generate form fields server side using CGI.pm.

I know maxsize annoys me if it truncates my form input so yep you should usually tell the user on client side with javascript.

If you accept input > 25 characters, then you are providing a value which does not mesh with the database constraints... there need to be front end checks to ensure that bad data is never presented to the backend.

Exactly. Apps built with bOP only get constraint violations for non-uniqueness or exists. Other constraint violations indicate a bug in the application.

The form field meta data is used in two ways: client side validation and server side validation. We never trust what the client sends us, but we try to give as much feedback as is reasonable (without resorting to JavaScript). That's what the maxsize argument is about. You know it, so might as well encode the HTML with it.

The graphic artist types don't need to concern themselves with any of that logic (if there were any on this project); they just need to know that the condition may be true, in which case a link may appear on the page.

I agree, I think. This turns out to be tricky. Consider the following page:

A | B | C
[download]

NavBar(' | ', ['TASK_A', 'TASK_B', 'TASK_C']);
[download]

sub render {
    my($self, $source, $buffer) = @_;
    my($sep) = $self->render_attribute('separator'. $source);
    my($need_sep) = 0;
    foreach my $w (@{$self->get('values')}) {
        my($b);
        $self->unsafe_render_value($w, $source, \$b);
        $$buffer .= ($need_sep++ ? $sep : '') . $$b
            if $$b;
    }
    return;
}
[download]

The question I have is how would this look in other template languages. And, where do the labels come from? How are permissions determined? Who evaluates if the current user's role and the role's authorized permissions.

That's where the "graphic designer" model breaks down. Either the designer has to know Perl to deal with the missing element problem, or the programmer has to work with the designer. There's no simple solution, but if the templating language doesn't offer ways to ask those questions (and most don't in my experience), you are left making things up as you go. That makes for funky websites where links lead to errors as opposed to using the meta data to ensure links don't get rendered unless you have the permission to execute them.

Good points. For the particular issue you raise, I'd probably pass in an array of items and have the template figure out how to add the 'thing in the middle' in between items, doing The Right Thing if there are 0, 1 and more than one items.

--t. alex
Life is short: get busy!