Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by webmaestro

  1. +1 to enable Regular Expressions for validating FORM elements. A close second would be for Caspio to offer a few different form field types like Email: - ZIP code & ZIP+4 - Credit Card - Phone number
  2. I don't think this is very helpful... There's a glaring hole in this logic. The actual Credit Card number is still in the source. After following your logic, here is my HTML Block: <script language="JavaScript"> var str = "[@field:card_number]"; var n = str.replace(/.(?=.{4})/g, 'x'); document.write(n); </script> and here is what's output by the DataPage: <td colspan="2"> <script language="JavaScript"> var str="1234567812345678"; //VERY BAD: Credit Card # *unencrypted* in source! var n = str.replace(/.(?=.{4})/g, 'x'); document.write(n); </script>xxxxxxxxxxxx5678 <!-- credit card # 'encrypted' in display --> </td> It's pretty important that the Credit Card number *not* be in the HTML or JavaScript output. What would be better would be something on the *SERVER* end via some 'Formatting' option on the Search and Report Wizard - Configure Details Page Fields 'Standard' or 'Advanced' tab, so that the output becomes something along these lines: [@field:card_number.replace(/.(?=.{4})/g, 'x')] Even better, would be to *store* the credit card information in an ENCRYPTED format. [EDIT] Even better would be not to store the CC info at all... [/EDIT] Here's an interesting post covering this: http://www.perlmonks.org/?node_id=74488
  • Create New...