How to manage Parsley validation and search input?

I am trying to set up some JavaScript control over a search input, but how do I manage it in the correct way?

As I understand it, the search event is executed if there is any value, but how do I detect a value versus an empty value? Spaces should be detected due to spam. For usability, the search should still be released with an empty field and show the categories.

PHP can manage this, but can it also be done using Parsley validation?

You have listed several criteria there, so let’s try and get a clear understanding of what is required for the search event.

  • “some value” - search for the given value
  • " " - prevent spaces due to spam protection
  • “” - show all categories

Is that about right?

What code library are you using for your search event?

I have never done specific search control.

  1. “some value” - search for the given value
  2. " " - prevent spaces due to spam protection
  3. “” - show all categories
  4. Cross-Site Request Forgery (CSRF)
  5. Cross-Site Scripting Attacks (XSS)

    // Security validation
    // Cross-Site Request Forgery (CSRF): the posted token must match the session token
    if (!isset($_SESSION['cc_session_csrf'], $_POST['cc_csrf_token'])
        || !is_string($_POST['cc_csrf_token'])
        || !hash_equals($_SESSION['cc_session_csrf'], $_POST['cc_csrf_token'])) { // constant-time compare
        throw new RuntimeException('CSRF attack');
    }
    // Do the rest of the processing here

    // Cross-Site Scripting Attacks (XSS)
    $xss_message = trim($_POST["message"] ?? ''); // validate comment
    if ($xss_message === '') { exit("must provide a comment"); }
    $comment = strip_tags($xss_message); // sanitize comment
    file_put_contents("xss_message.txt", $comment, FILE_APPEND); // store the sanitized comment
    $xss_bodycon = file_get_contents("xss_message.txt"); // read the stored comments back
    echo htmlspecialchars($xss_bodycon, ENT_QUOTES, 'UTF-8'); // escape comments before display

Are you planning to use PHP to sanitize and validate the search-control values?
I find that JS is a bad choice for that, as you can never trust that JS has done anything.
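
An added example, not part of the original thread and not any participant's code: server-side PHP handling of the three search cases listed above (a value, whitespace only, empty), including Unicode whitespace that `trim()` misses. The function name `classify_search`, the parameter name `q` and the 100-character cap are assumptions, and it expects PHP 8 with the mbstring extension.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread): decide what a search request means.
// Returns ['action' => 'categories' | 'reject' | 'search', 'term' => string].
function classify_search(mixed $raw, int $maxLen = 100): array
{
    // A missing parameter or an empty string means "show all categories".
    if ($raw === null || $raw === '') {
        return ['action' => 'categories', 'term' => ''];
    }
    // ?q[]=x arrives as an array; invalid UTF-8 would make the /u regex fail.
    if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) {
        return ['action' => 'reject', 'term' => ''];
    }
    // trim() only strips ASCII whitespace; also strip Unicode separators
    // (non-breaking space, ideographic space) and control characters.
    $term = preg_replace('/^[\s\p{Z}\p{C}]+|[\s\p{Z}\p{C}]+$/u', '', $raw);
    if ($term === null || $term === '') {
        return ['action' => 'reject', 'term' => ''];   // whitespace only
    }
    // Cap the length so oversized input never reaches the search backend.
    return ['action' => 'search', 'term' => mb_substr($term, 0, $maxLen, 'UTF-8')];
}

// Constructed sample inputs, as they would arrive in $_GET['q'] (assumed name).
$samples = [null, '', '   ', "\u{00A0}\u{3000}", '  parsley  ', ['x'], '<b>shoes</b>'];

foreach ($samples as $raw) {
    $result = classify_search($raw);
    // Escape on output: the term is data, never markup.
    $shown = htmlspecialchars($result['term'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    printf("%-10s %s\n", $result['action'], $shown);
}
```

A client-side Parsley rule can mirror the same three cases for usability, but the server-side decision is the one that counts.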

Thank you for all the tips.
