Trim spaces from form input?

Question

Hello so i'm trying to trim the white spaces when the user enter spaces he get an error explaning that he should enter valid chars but if he used: ' test ' the same value is entered in the database do i need to trim that again in javascript ?

function validateForm()
{
    if(trim(document.insert.aname.value) ==="")
    {
      alert("Animal should have a name");
      document.insert.aname.focus();
      return false;
    }
}
function trim(value) {
    return value.replace(/^\s+|\s+$/g,"");
}

please can you help ? the input page is .JSP

I know but this will be processed by servlet where do i put the validation inside the java or JSP ? — user1031152, Nov 14 '11 at 11:40
@user1031152: The java _is_ the JSP. The other bit is javascript — Eric, Nov 14 '11 at 11:42
javascript ES5 now provides [`trim()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim) function for strings — eagor, Jul 25 '14 at 10:26

Eric · Accepted Answer · 2011-11-14T11:54:18.277

11

You're not actually trimming the input. You want this:

//store the input in a variable
var nameInput = document.insert.aname

function validateForm() {
    //Get the trimmed name
    var animalName = trim(nameInput.value)

    if(animalName) {
        //Update the form with the trimmed value, just before the form is sent
        nameInput.value = animalName
    }
    else {
         //Trimmed value is empty
         alert("Animal should have a name");
         nameInput.focus();
         return false;
    }
}

function trim(value) {
    return value.replace(/^\s+|\s+$/g,"");
}

edited Nov 14 '11 at 11:54

answered Nov 14 '11 at 11:41

Eric

95,302
53
242
374

1

Please keep in mind, that this question was tagged as homework. I'd rather give hints than answers in this case. – Smamatti Nov 14 '11 at 11:43
@user1031152: Note that this _doesn't_ prevent me adding arbitrary space-padded strings to your database. If I disable javascript, this code won't run, and it'll let me submit an untrimmed/empty string. Do your validation in the JSP. – Eric Nov 14 '11 at 11:49
well its' a homework as mentioned and they clearly stated we can use javascript and since it's not going live or something i don't think i need to code more and make it more complicated as my first java homework, thanks alot for the solution – user1031152 Nov 14 '11 at 12:03
5

@user1031152: **It's not Java** – Eric Nov 14 '11 at 12:09

score 6 · Answer 2 · answered Nov 14 '11 at 11:53

First, I'm going to offer some unsolicited advice:) Even if your javascript code trims the input from the user, you cannot guarantee that this code will always run. For example, a user might disable javascript on their browser or just use a library (lots of them exist) to programmatically submit form data without using any browser.

So, you should always trim the input on the server side (in your case, in the JSP). In production systems, you need to do a little more than simply trimming, you need to check maximum sizes and data types as well (so if your JSP requires a numeric input, you need to check for that)

What this means is that you essentially have to do data validation twice. The data validation that you do in the browser is there to help the user and it should show a user friendly message when something invalid is entered. The important concept is that the browser validation is not there to provide security as it doesn't provide any. The security comes from the server side validation. It's not so important for server side validation to provide user friendly feedback; it's nice if it does but it's not the top priority.

Now, to your question. When you call something like

trim(document.insert.aname.value)

this doesn't change the value in the form. It just gives back a trimmed version of the form data. So when you submit the form, the space at the end of 'test' goes along with the form data.

It's possible for javascript to manipulate what is in the form but this is not commonly done and is not advisable. So, to summarise:

Your code does not remove the trailing space for the user submitted data
You could change you code to do this but it wouldn't be a good idea as you will have to perform the trim on the server regardless
Therefore, you do need to trim it on the server

Hope this helps. Phil

well first of all thanks alot for your response, and secondly it's a homework and i'm new to this so i don't think they will bother doing validation on client side at the moment but the information you provided is really good and i'll keep that in my mind for my future homeworks — user1031152, Nov 14 '11 at 12:01
You're quite welcome. Just remember to maintain a healthy paranoia if you do get to the point of building production systems. Cheers. — PhilDin, Nov 14 '11 at 12:17

score 1 · Answer 3 · edited Nov 14 '11 at 11:45

1

Hey you can use the jQuery.trim function for this:

var str = " a  ";
str = $.trim(str)

edited Nov 14 '11 at 11:45

Matt

74,352
26
153
180

answered Nov 14 '11 at 11:43

Saurabh Santhosh

130
5

6

*Yay*, lets include a 31kb library for something which can be done in 1 line! – Matt Nov 14 '11 at 11:46
1

well as Smamatti said i can't use any frameworks :( but thanks for the idea – user1031152 Nov 14 '11 at 12:02

Trim spaces from form input?

3 Answers3