THT is in early Beta. We welcome contributors & feedback.

Web.tempGetInput

Web.tempGetInput(method, inputName, inputType = 'token')

Description

TemporaryThis method will be removed when a more complete form-handling solution is added.

Get an input value submitted by the user, via form (POST) or URL query string (GET).

inputName corresponds to the name attribute of the form field.

method can be get or post.

// Example GET
// URL:  https://yoursite.com/forum?topicId=1234

let query = Web.tempGetInput('get', 'topicId', 'id');
//= 1234

// Example POST from a form
let userId  = Web.tempGetInput('post', 'userId', 'id');
let subject = Web.tempGetInput('post', 'commentTitle', 'text');
let comment = Web.tempGetInput('post', 'commentBody', 'textarea');

Input Types

Values that do not pass validation for the given inputType are returned as an empty string ''.

inputType can be any one of the following:

id
    Allowed: letters & digits (a-z A-Z 0-9)
    Examples: 'a52ba452', 'july', 'myUserName'
    Max Length: 64

number
    Allowed: digits (0-9)
    Examples: 12345
    Max Length: 8

numberAny
    Allowed: digits & number symbols/separators (0-9 - . , ')
    Examples: 23, -1, 2.345, 1,000 
    Max Length: 10

email
    Allowed: ____@____.___
    Examples: me@mail.com, other@mail.co.uk
    Max Length: 80

flag
    Allowed: true | false | 1 | 0

text (one line of text)
    Transforms: strip HTML tags, newlines to spaces
    Max Length: 120

textarea (multiple lines of text)
    Transforms: strip HTML tags, crunch whitespace
    Max Length: none

dangerDangerRaw
    Raw value with no validation.

Security

Cross-origin requests are not allowed for non-GET requests, because they can be used in Cross-Site Request Forgery (CSRF) attacks.

If you must get input from cross-origin requests, set method to dangerDangerRemote.