| Safe Haskell | None |
|---|---|
| Language | Haskell98 |
Text.Reform.Happstack
Contents
Description
Support for using Reform with the Haskell Web Framework Happstack. http://happstack.com/
Synopsis
- environment :: Happstack m => Environment m [Input]
- happstackEitherForm :: Happstack m => ([(Text, Text)] -> view -> view) -> Text -> Form m [Input] error view proof a -> m (Either view a)
- happstackViewForm :: Happstack m => ([(Text, Text)] -> view -> view) -> Text -> Form m input error view proof a -> m view
- happstackView :: Happstack m => ([(Text, Text)] -> view -> view) -> Text -> view -> m view
- addCSRFCookie :: Happstack m => Text -> m Text
- getCSRFCookie :: Happstack m => Text -> m Text
- checkCSRF :: Happstack m => Text -> m ()
- csrfName :: Text
- reformSingle :: (ToMessage b, Happstack m, Alternative m, Monoid view) => ([(Text, Text)] -> view -> view) -> Text -> (a -> m b) -> Maybe ([(FormRange, error)] -> view -> m b) -> Form m [Input] error view proof a -> m view
- reform :: (ToMessage b, Happstack m, Alternative m, Monoid view) => ([(Text, Text)] -> view -> view) -> Text -> (a -> m b) -> Maybe ([(FormRange, error)] -> view -> m b) -> Form m [Input] error view proof a -> m view
Documentation
environment :: Happstack m => Environment m [Input] Source #
create an Environment to be used with runForm
Arguments
| :: Happstack m | |
| => ([(Text, Text)] -> view -> view) | wrap raw form html inside a form tag |
| -> Text | form prefix |
| -> Form m [Input] error view proof a | Form to run |
| -> m (Either view a) | Result |
similar to 'eitherForm environment' but includes double-submit (Cross Site Request Forgery) CSRF protection.
The form must have been created using happstackViewForm
see also: happstackViewForm
Arguments
| :: Happstack m | |
| => ([(Text, Text)] -> view -> view) | wrap raw form html inside a |
| -> Text | |
| -> Form m input error view proof a | |
| -> m view |
similar to viewForm but includes double-submit
(Cross Site Request Forgery) CSRF protection.
Must be used with happstackEitherForm.
see also: happstackEitherForm.
Arguments
| :: Happstack m | |
| => ([(Text, Text)] -> view -> view) | wrap raw form html inside a |
| -> Text | |
| -> view | |
| -> m view |
Utility Function: wrap the view in a <form> that includes
double-submit CSRF protection.
calls addCSRFCookie to set the cookie and adds the token as a
hidden field.
see also: happstackViewForm, happstackEitherForm, checkCSRF
Arguments
| :: Happstack m | |
| => Text | name to use for the cookie |
| -> m Text |
Utility Function: add a cookie for CSRF protection
getCSRFCookie :: Happstack m => Text -> m Text Source #
Utility Function: get CSRF protection cookie
checkCSRF :: Happstack m => Text -> m () Source #
Utility Function: check that the CSRF cookie and hidden field exist and are equal
If the check fails, this function will call:
escape $ forbidden (toResponse "CSRF check failed.")
generate the name to use for the csrf cookie
Currently this returns the static cookie "reform-csrf". Using the prefix would allow
Arguments
| :: (ToMessage b, Happstack m, Alternative m, Monoid view) | |
| => ([(Text, Text)] -> view -> view) | wrap raw form html inside a form tag |
| -> Text | prefix |
| -> (a -> m b) | handler used when form validates |
| -> Maybe ([(FormRange, error)] -> view -> m b) | handler used when form does not validate |
| -> Form m [Input] error view proof a | the formlet |
| -> m view |
Arguments
| :: (ToMessage b, Happstack m, Alternative m, Monoid view) | |
| => ([(Text, Text)] -> view -> view) | wrap raw form html inside a |
| -> Text | prefix |
| -> (a -> m b) | success handler used when form validates |
| -> Maybe ([(FormRange, error)] -> view -> m b) | failure handler used when form does not validate |
| -> Form m [Input] error view proof a | the formlet |
| -> m view |
this function embeds a Form in an HTML page.
When the page is requested with a GET request, the form view will
be rendered.
When the page is requested with a POST request, the form data
will be extracted and validated.
If a value is successfully produced the success handler will be called with the value.
On failure the failure handler will be called. If no failure handler is provided, then the page will simply be redisplayed. The form will be rendered with the errors and previous submit data shown.
The first argument to reform is a function which generates the
<form> tag. It should generally come from the template library
you are using, such as the form function from reform-hsp.
The [(String, String)] argument is a list of '(name, value)'
pairs for extra hidden fields that should be added to the
<form> tag. These hidden fields are used to provide cross-site
request forgery (CSRF) protection, and to support multiple forms on
the same page.
Orphan instances
| FormInput [Input] Source # | |
Methods getInputString :: (FormError error, ErrorInputType error ~ [Input]) => [Input] -> Either error String Source # getInputStrings :: [Input] -> [String] Source # getInputText :: (FormError error, ErrorInputType error ~ [Input]) => [Input] -> Either error Text Source # getInputTexts :: [Input] -> [Text] Source # getInputFile :: (FormError error, ErrorInputType error ~ [Input]) => [Input] -> Either error (FileType [Input]) Source # | |