Safe Haskell	None

Text.Reform.Happstack

Description

Support for using Reform with the Haskell Web Framework Happstack. http://happstack.com/

Synopsis

Documentation

environment :: Happstack m => Environment m [Input]Source

create an Environment to be used with runForm

happstackEitherForm Source

Arguments

:: Happstack m
=> ([(Text, Text)] -> view -> view)	wrap raw form html inside a form tag
-> Text	form prefix
-> Form m [Input] error view proof a	Form to run
-> m (Either view a)	Result

similar to 'eitherForm environment' but includes double-submit (Cross Site Request Forgery) CSRF protection.

The form must have been created using happstackViewForm

see also: happstackEitherForm.

happstackView Source

Arguments

:: Happstack m
=> ([(Text, Text)] -> view -> view)	wrap raw form html inside a `<form>` tag
-> Text
-> view
-> m view

Utility Function: wrap the view in a <form> that includes double-submit CSRF protection.

calls addCSRFCookie to set the cookie and adds the token as a hidden field.

see also: happstackViewForm, happstackEitherForm, checkCSRF

addCSRFCookie Source

Arguments

:: Happstack m
=> Text	name to use for the cookie
-> m Text

Utility Function: add a cookie for CSRF protection

getCSRFCookie :: Happstack m => Text -> m Text Source

Utility Function: get CSRF protection cookie

checkCSRF :: Happstack m => Text -> m ()Source

Utility Function: check that the CSRF cookie and hidden field exist and are equal

If the check fails, this function will call:

 escape $ forbidden (toResponse "CSRF check failed.")

csrfName :: Text Source

generate the name to use for the csrf cookie

Currently this returns the static cookie reform-csrf. Using the prefix would allow

reformSingle Source

Arguments

:: (ToMessage b, Happstack m, Alternative m, Monoid view)
=> ([(Text, Text)] -> view -> view)	wrap raw form html inside a form tag
-> Text	prefix
-> (a -> m b)	handler used when form validates
-> Maybe ([(FormRange, error)] -> view -> m b)	handler used when form does not validate
-> Form m [Input] error view proof a	the formlet
-> m view

This function allows you to embed a a single Form into a HTML page.

In general, you will want to use the reform function instead, which allows more than one Form to be used on the same page.

see also: reform

reform Source

Arguments

:: (ToMessage b, Happstack m, Alternative m, Monoid view)
=> ([(Text, Text)] -> view -> view)	wrap raw form html inside a `<form>` tag
-> Text	prefix
-> (a -> m b)	success handler used when form validates
-> Maybe ([(FormRange, error)] -> view -> m b)	failure handler used when form does not validate
-> Form m [Input] error view proof a	the formlet
-> m view

this function embeds a Form in an HTML page.

When the page is requested with a GET request, the form view will be rendered.

When the page is requested with a POST request, the form data will be extracted and validated.

If a value is successfully produced the success handler will be called with the value.

On failure the failure handler will be called. If no failure handler is provided, then the page will simply be redisplayed. The form will be rendered with the errors and previous submit data shown.

The first argument to reform is a function which generates the <form> tag. It should generally come from the template library you are using, such as the form function from reform-hsp.

The [(String, String)] argument is a list of '(name, value)' pairs for extra hidden fields that should be added to the <form> tag. These hidden fields are used to provide cross-site request forgery (CSRF) protection, and to support multiple forms on the same page.