Safe Haskell | None |
---|---|
Language | Haskell98 |
Support for using Reform with the Haskell Web Framework Happstack. http://happstack.com/
- environment :: Happstack m => Environment m [Input]
- happstackEitherForm :: Happstack m => ([(Text, Text)] -> view -> view) -> Text -> Form m [Input] error view proof a -> m (Either view a)
- happstackViewForm :: Happstack m => ([(Text, Text)] -> view -> view) -> Text -> Form m input error view proof a -> m view
- happstackView :: Happstack m => ([(Text, Text)] -> view -> view) -> Text -> view -> m view
- addCSRFCookie :: Happstack m => Text -> m Text
- getCSRFCookie :: Happstack m => Text -> m Text
- checkCSRF :: Happstack m => Text -> m ()
- csrfName :: Text
- reformSingle :: (ToMessage b, Happstack m, Alternative m, Monoid view) => ([(Text, Text)] -> view -> view) -> Text -> (a -> m b) -> Maybe ([(FormRange, error)] -> view -> m b) -> Form m [Input] error view proof a -> m view
- reform :: (ToMessage b, Happstack m, Alternative m, Monoid view) => ([(Text, Text)] -> view -> view) -> Text -> (a -> m b) -> Maybe ([(FormRange, error)] -> view -> m b) -> Form m [Input] error view proof a -> m view
Documentation
environment :: Happstack m => Environment m [Input] Source
create an Environment
to be used with runForm
:: Happstack m | |
=> ([(Text, Text)] -> view -> view) | wrap raw form html inside a form tag |
-> Text | form prefix |
-> Form m [Input] error view proof a | Form to run |
-> m (Either view a) | Result |
similar to 'eitherForm environment' but includes double-submit (Cross Site Request Forgery) CSRF protection.
The form must have been created using happstackViewForm
see also: happstackViewForm
:: Happstack m | |
=> ([(Text, Text)] -> view -> view) | wrap raw form html inside a |
-> Text | |
-> Form m input error view proof a | |
-> m view |
similar to viewForm
but includes double-submit
(Cross Site Request Forgery) CSRF protection.
Must be used with happstackEitherForm
.
see also: happstackEitherForm
.
:: Happstack m | |
=> ([(Text, Text)] -> view -> view) | wrap raw form html inside a |
-> Text | |
-> view | |
-> m view |
Utility Function: wrap the view
in a <form>
that includes
double-submit CSRF protection.
calls addCSRFCookie
to set the cookie and adds the token as a
hidden field.
see also: happstackViewForm
, happstackEitherForm
, checkCSRF
Utility Function: add a cookie for CSRF protection
getCSRFCookie :: Happstack m => Text -> m Text Source
Utility Function: get CSRF protection cookie
checkCSRF :: Happstack m => Text -> m () Source
Utility Function: check that the CSRF cookie and hidden field exist and are equal
If the check fails, this function will call:
escape $ forbidden (toResponse "CSRF check failed.")
generate the name to use for the csrf cookie
Currently this returns the static cookie "reform-csrf". Using the prefix would allow
:: (ToMessage b, Happstack m, Alternative m, Monoid view) | |
=> ([(Text, Text)] -> view -> view) | wrap raw form html inside a form tag |
-> Text | prefix |
-> (a -> m b) | handler used when form validates |
-> Maybe ([(FormRange, error)] -> view -> m b) | handler used when form does not validate |
-> Form m [Input] error view proof a | the formlet |
-> m view |
:: (ToMessage b, Happstack m, Alternative m, Monoid view) | |
=> ([(Text, Text)] -> view -> view) | wrap raw form html inside a |
-> Text | prefix |
-> (a -> m b) | success handler used when form validates |
-> Maybe ([(FormRange, error)] -> view -> m b) | failure handler used when form does not validate |
-> Form m [Input] error view proof a | the formlet |
-> m view |
this function embeds a Form
in an HTML page.
When the page is requested with a GET
request, the form view will
be rendered.
When the page is requested with a POST
request, the form data
will be extracted and validated.
If a value is successfully produced the success handler will be called with the value.
On failure the failure handler will be called. If no failure handler is provided, then the page will simply be redisplayed. The form will be rendered with the errors and previous submit data shown.
The first argument to reform
is a function which generates the
<form>
tag. It should generally come from the template library
you are using, such as the form
function from reform-hsp
.
The [(String, String)]
argument is a list of '(name, value)'
pairs for extra hidden fields that should be added to the
<form>
tag. These hidden fields are used to provide cross-site
request forgery (CSRF) protection, and to support multiple forms on
the same page.