Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

prevent pasting into a CGI textbox

by nosbod (Scribe)
on Jul 25, 2005 at 09:08 UTC ( [id://477727]=perlquestion: print w/replies, xml ) Need Help??

nosbod has asked for the wisdom of the Perl Monks concerning the following question:

the tool in question is a clinical study tool whereby nursing staff will be entering patient data. the idea is that it's crucial to enter the correct patient identifier and in order to do this the spec requests it to be entered twice. Yes, sure, they could get around it if they tried but the idea is to 'encourage' the user to enter it by hand twice.

Maybe i'll just allow them to cut n paste. At least they would be scanning the entry as they c n p and spot any mistake

Replies are listed 'Best First'.
Re: prevent pasting into a CGI textbox
by Zaxo (Archbishop) on Jul 25, 2005 at 09:16 UTC

    Nope. You might approximate it with javascript, but I doubt if you could completely close it off. I'd switch off javascript if you tried to enforce that on me.

    What alleged problem is this meant to solve?

    It's clearly not a perl problem - strictly a client-side matter between the user and his browser.

    After Compline,
    Zaxo

      I know what you and a few others below are saying about the user interface issue but this seems to be a data integrity issue and sounds like it is meant to solve a serious problem; mixing up medical records and making sure a data set for a study isn't corrupted. Depending on the situation this is a problem that kills a lot of people.

      It's still not a perl question but with JS you can probably solve it in a few ways that the casual (non-technical, one-time) user couldn't get around while still being able to submit the form. Don't write the form at all unless JS is on and do some primitive checksum via onkeypress that writes it to a JS created hidden input field/node so you know that at least X characters were pressed in the same order in each field (or clear both and start over) and it wasn't a cut and paste. Then send the form and checksum data to perl on submit for validation.

Re: prevent pasting into a CGI textbox
by jhourcle (Prior) on Jul 25, 2005 at 10:22 UTC

    There is no way to do this reliably.

    That being said, depending on the situation, the issue may be that someone pasting in an answer is going to fill out the form too quickly. If the attempt is just to slow down the user, you can use sessions, and verify that the don't fill out the form too quickly. Even without sessions, you can pass a timestamp in a hidden field using a two-way encryption, then extract it on submission, and check how much time has elapsed.

    I can't personally think of other reasons to not allow pasting -- for longer messages on here, I tend to work in a real text editor, and paste my answers in. (And I also paste into password boxes all the time -- I store passwords in an encrypted database, so I don't need to remember them all.)

    Update: With the changed requirements, I'd recommend removing the duplicated field as a check -- it's not reliable. Instead, use something to verify that has a very unlikely chance of collision, like the patient's name. Although this means they're entering redundant info, it's no worse than what you had as the initial solution. Even better, from a usability standpoint would be to get the patient ID, then fill in the patient details for them, and they would (hopefully) realize that it's not the right person.

    I'm not sure if this is some sort of a privacy violation, as it might allow someone to mine the system for patients, but even just having them enter the patient IDand surname, and populate the rest may be a good middle ground. (you'll have to check with your legal department...HIPPA and all that, if you're in the US.)

    Note -- in HTML, 'textarea' refers to one of the large block things, like we type comments into...'text input' refers to shorter, single line entries, like the title line

Re: prevent pasting into a CGI textbox
by CountZero (Bishop) on Jul 25, 2005 at 12:19 UTC
    Or you could get the user to first type in the patient identifier in the first textbox and then choose the patient identifier from a listbox (this assumes that the patient identifiers are not too numerous and can be quickly gathered from a database).

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

      And/or do something AJAX-y, like pulling up some distinguishing details about the entered patient identifier into a nearby <div> and make the user click a checkbox after they've verified the information (and the checkbox only becomes clickable after they've entered the patient id).

      --
      We're looking for people in ATL

Re: prevent pasting into a CGI textbox
by Molt (Chaplain) on Jul 25, 2005 at 09:23 UTC

    I can't think of one, and to be honest I'm not sure why you'd want this.

    If you're thinking that not being able to copy/paste anything that's meant to be moderately secure will stop them typing it in a seperate editor I think you're mistaken. People are used to how webbrowsers work, and used to being able to c'n'p into them.. stopping them on your site alone will simply mean they type it into their editor, find they can't c'n'p, so retype it from the 'in editor version' still on screen, and then get irritated at your system for not allowing them to do what they want, and are used to being able to do.

    Less secure (Info on screen longer), and less usable than if you'd just obeyed the priniciple of least surprise and let them do what they're trying to.

    As to how it'd be done if you had absolutely had to- forget Javascript. If there's a good enough reason that you'd need to disable my browsers basic functionality I have a good enough reason to disable Javascript when I'm using your system.

    You'd be better looking at embedded technologies such as Java or Flash, which whilst I appreciate may get eyebrows raised from a lot of Perl-packin' monks does also sidestep the interface familiarity issue.. people aren't as used to being able to c'n'p into an embedded technology anyway.

Re: prevent pasting into a CGI textbox
by anonymized user 468275 (Curate) on Jul 25, 2005 at 11:10 UTC
    To prevent cut and paste, how about asking them to enter the id (or email address or whatever) first forward and then in reverse. Then reverse the second entry before comparing them for equality using a subroutine; for example:
    # assuming the strings are now stored in $forward and $backward... Reverse( \$backward ); unless ( $forward eq $backward ) { # code to handle confirm error } #... # pass the string by reference e.g. Reverse( \$backward ); sub Reverse { my $sref = shift; my $reversed = ''; for ( my $idx = length( $$sref ) - 1; $idx >= 0; $idx-- ) { $reversed .= substr( $$sref, $idx, 1 ); } $$sref = $reversed; }

    One world, one people

Re: prevent pasting into a CGI textbox
by inman (Curate) on Jul 25, 2005 at 11:34 UTC
    The following worked in IE but not in Firefox. The Javascript onpaste event is cancelled.
    <p> <textarea name="textfield">Cut 'n' Paste</textarea> </p> <p> <textarea name="textfield" onpaste="return false;">Type only</textar +ea> </p>
Re: prevent pasting into a CGI textbox
by neniro (Priest) on Jul 25, 2005 at 09:18 UTC
Re: prevent pasting into a CGI textbox
by Anonymous Monk on Jul 25, 2005 at 11:35 UTC
    some ideas...

    use password fields, the entered patient id will show up as '*' and they can't cut and paste from one field to the other (but they could cut from another application and paste into both...).

    if your patient id is fixed length, (say N characters) then use N seperate input fields and use some javascript to automatically move the focus to the next field after a key is pressed. don't know how cut and paste would work with this but hopefully a key-press is an event and a cut and paste is also an event so if you only accept one character per event cut and paste won't work...

    or along the same line, in just plain text entry fields, have event triggered javascript that adds a non-display character (or even a space) after every keystroke, if they cut and paste then the second textbox will have the extra characters and you can throw an error.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://477727]
Approved by Tanalis
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chanting in the Monastery: (6)
As of 2024-03-28 16:51 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found