Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
CyFox2015-06-22 21:14:36
Ruby on Rails
CyFox, 2015-06-22 21:14:36

Ruby on Rails is it possible to prevent changes to form values ​​(composed by form_for) in the browser?

Let's say we have a model with records whose id is: 1, 2, 3, 4, 5, 6. These records can be added to the list (select). But for certain objects of a different model, for which a form is created, you do not need to add the entire set of these values, but for example, add only 2, 3, 6. The rest of the values ​​are unacceptable.
For what we create select with values ​​2, 3, 6 for one form. However, it remains possible to open the html code of the page and change the value (value) of the option tag in select to any other and send (commit) the form with the changed value, which the controller will accept without problems. As a result, we get an unacceptable record in the database.
Is it possible to protect the form (form_for) from changing the values ​​(value) by the user in the browser?
Or do you need to write your own validation at the model level or write exceptions in the controller (considering that you actually have to repeat the code that selects acceptable values ​​​​to compose a select)? I tried googling but couldn't find any information on this.
I would be happy to hear suggestions and recommendations on this issue.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
J
Jeiwan, 2015-06-23
@CyFox

1. Everything that is in the user's browser belongs to the user, and he can do whatever he wants with it. You can't prevent a user from editing files on your computer through Rails, can you?
2. All data entered by the user in the forms must be additionally checked on the server. That is, if you want only 2, 3 or 6 in a certain field, then you need to do this check on the server.

Report
_
_ _, 2015-06-22
@AMar4enko

Own validation on the model - my choice

Similar questions
C
chuhnevdan2021-04-13 09:38:42
Hello, I have a Django project, the task is the following, there is a csv file, it is necessary to create a table on the page based on it, what is the mistake? 2Reply
A
Alexandra Bashura2015-08-30 20:01:22
How to insert an icon in front of the text? 4Reply
Z
zggb2014-10-28 16:19:10
Is it possible to do without a database in a search form? 2Reply
R
Roman Mirilaczvili2016-10-28 17:10:49
What are the replication tools in PostgreSQL for a beginner? 1Reply
M
Megapiharb2016-10-31 00:49:09
How to allow only one type of user to authenticate through devise? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question