A validator is a function called when a
recipe,
bag or
tiddler is
PUT to the server. Based on configuration,
plugins and
policies zero to many validators may be called when an entity is PUT. How things work depends on the type of entity:
Bags and Recipes
By default the description attribute of a bag or recipe is sanitized for dangerous HTML. That function may be turned off or other validators added by adjusting the list of functions in
tiddlyweb.web.validator.BAG_VALIDATORS or
tiddlyweb.web.validator.RECIPE_VALIDATORS. See below for more about the functions.
Tiddlers
Tiddlers are sent through the validator process based on the
accept constraint in the
policy of the bag to which the tiddler is being
PUT. If the accept constraint is empty no validation is done. If there is a
user, some users, a
role or the special policy words
ANY or
NONE listed then the tiddler is passed to the functions in
tiddlyweb.web.validator.TIDDLER_VALIDATORS for every user that
does not match the constraint (that is, the content is accepted without validation for the people listed in the constraints).
In the current code distribution there are no ~TIDDLER_VALIDATORS, they may be added via
plugins.
Validator Functions
A validator function has a simple signature:
entity, environ where entity is a bag, recipe or tiddler. The validator either
changes the provided entity, or raises an exception indicating that it can't be valid. The exceptions are
InvalidTiddlerError,
InvalidBagError,
InvalidRecipeError.
Examples
A simple example validator can be found at
http://github.com/tiddlyweb/tiddlyweb-plugins/tree/master/validate-modifierBen Gillies has
written validators for sanitizing
HTML and
TiddlyWiki inputs.