[Haskell-cafe] ANN: reform - a type-safe form generation and validation library in the spirit of formlets and digestive-functors < 0.2

Jeremy Shaw jeremy at n-heptane.com
Tue May 22 00:18:47 CEST 2012


I am pleased to annouce the release of 'reform'. A full tutorial is
available here:

http://www.happstack.com/docs/crashcourse/Reform.html

Reform is an HTML form generation and validation library. It follows
in the footsteps of formlets and digestive-functors <= 0.2. In fact,
much of the code in reform comes from the digestive-functors-0.2 code
base.

Reform is designed to be usuable with a wide variety of Haskell web
servers and templating libraries. You can find the following packages
on hackage:

 * reform           - the core library
 * reform-happstack - support for using reform with the Happstack server
 * reform-blaze     - support for creating forms for blaze-html
 * reform-hsp       - support for creating forms for HSP (another
xml/html template library)

The source code is available via darcs:

darcs get http://patch-tag.com/r/stepcut/reform

The darcs repo also includes proof-of-concept support for 'Heist'.

Reform will feel very familiar to formlets and digestive-functors <=
0.2 users.

The primary motivation behind this library is to provide a supported
alternative to digestive-functors 0.2 for users that prefer 0.2 over
0.3.

The key new feature in reform is the ability to separate the
validation code from the view generation code. This allows library
authors to provide validators (known as Proofs) which the users can
use when constructing their forms. The proof names appear in the
type-signatures. This allows the library author to ensure that the
value returned by a user created form is not merely the correct type,
but has also passed validation.

The reform-happstack package also provides simple and transparent
Cross-Site Request Forgery (CSRF) protection, using the double-submit
method. This method has some weaknesses. For example, I believe it can
be circumvented if your site is vulnerable to cross-site scripting
(XSS) attacks. If you have suggestions on how to improve the CSRF
protection -- please let us know!

I hope to do a full comparison of reform vs digestive-functors 0.3 vs
yesod forms in a few weeks.

- jeremy



More information about the Haskell-Cafe mailing list