feat(gnoweb): form - input md extension #4061
Conversation
github-project-automation
bot
added this to
🧙♂️gno.land core team and 💪 Bounties & Worx
Gno2D2
added
the
review/triage-pending
🛠 PR Checks SummaryAll Automated Checks passed. ✅ Manual Checks (for Reviewers):
Read More🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers. ✅ Automated Checks (for Contributors):🟢 Maintainers must be able to edit this pull request (more info) ☑️ Contributor Actions:
☑️ Reviewer Actions:
📚 Resources:Debug
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Codecov ReportAttention: Patch coverage is
📢 Thoughts on this report? Let us know! |
Gno2D2
removed
the
review/triage-pending
alexiscolin
changed the title
|
Regarding a #3899 form implementation, it would need a modification of the realm to handle the query, like: router.HandleFunc("/", func(res *mux.ResponseWriter, req *mux.Request) {
hasDenom, hasAddr := req.Query.Has("denom"), req.Query.Has("addr")
switch {
case hasAddr && hasDenom:
denom := req.Query.Get("denom")
addr := req.Query.Get("addr")
res.Write(renderAddressBalance(denom, std.Address(addr)))
case hasDenom:
denom := req.Query.Get("denom")
totalSupply := TotalSupply(denom)
res.Write(renderCoinInfo(denom, totalSupply))
default: // default rendering
res.Write(renderHomepage())
}
})cc @notJoon |
Gno2D2
added
the
review/triage-pending
@alexiscolin |
|
Can you please add an example of how to use this? preferably in |
github-actions
bot
added
the
🧾 package/realm
There was a problem hiding this comment.
Besides my comments, I was thinking that since we ultimately fall back on ||| for columns, we could keep things markdown-friendly ?
syntax idea:
<gno-form>
@input[My Username](username)
@input_password[My Password](password)
@input_<type>[<placeholder>](<name>) # or maybe the other way around ?
@submit[Login]
</gno-form>Im not against keeping html style but i think we could go for a more markdown syntax.
wdyt ?
| -- output.html -- | ||
| <form class="gno-form" method="post"> | ||
| <div class="gno-form_header"> | ||
| <span><span class="font-bold"> r/test </span> Form</span><span class="tooltip" data-tooltip="This form is secure and processed on the current r/test realm itself."><svg class="w-4 h-4"><use href="#ico-info"></use></svg></span></div> |
There was a problem hiding this comment.
error should be for something not recoverable, i suggest you simply override the previous value if duplicate and ignore attribute if it doest not exist.
| // formContext is used to keep track of form's state across parsing. | ||
| type formContext struct { | ||
| PrevContext *formContext | ||
| IsOpen bool // Indicates if a block has been correctly opened. | ||
| Index int // Index of the current form; 0 indicates no form. | ||
| OpenTag *FormNode // First opening tag for this context. | ||
| HasValidInputs bool // Indicates if the form has at least one valid input | ||
| RealmName string // Realm name from context | ||
| } |
There was a problem hiding this comment.
Context makes sense for columns because you have to track tags between other markdown components. For your specific case, it's a single block, so you have to use Continue + Close to create your markdown component.
Gno2D2
removed
the
review/triage-pending
| <gno-form> | ||
| <gno-input name="name" placeholder="Enter your name" /> | ||
| <gno-input name="email" placeholder="Enter your email" /> | ||
| </gno-form> |
There was a problem hiding this comment.
| <gno-form> | |
| <gno-input name="name" placeholder="Enter your name" /> | |
| <gno-input name="email" placeholder="Enter your email" /> | |
| </gno-form> | |
| <form> | |
| <input name="name" placeholder="Enter your name" /> | |
| <input name="email" placeholder="Enter your email" /> | |
| </form> |
Wouldn't this make sense in GNO and standard HTML? What is the default behavior in HTML when we don't specify the method and action of a <form>?
If we pursue this, I suggest using the original W3C HTML but with filtered parameters. For instance, we could disable all the parameters of <form> for now, and include only the name, placeholder, type, and value for ainputandtextarea` elements.
Regarding the submit functionality, I believe we can add support for the submit input type. However, I suggest establishing a default behavior when there is no submit button, such as responding to the "Enter" key or applying changes when the user leaves the field.
As a reminder to readers, this original PR only supports GET forms. This allows for more flexible interaction with realms rendering. However, we currently do not permit forging transactions using HTML forms; this capability is only available through wallets at this time or by using txlink from the Render function. We will consider TX builders from forms in the future.
|
Would be great if we could also specify the render path for the form, apart from the query params. This would allow us to go to a specific page within the same realm, ie |
This PR introduces secure and interactive form handling capabilities to Gno realms, enabling user input through markdown-based forms with built-in security measures.
Technical Implementation
HTTP Handler Enhancements
muxpackage for internal realm argument modificationMarkdown Extensions
<gno-form>: Container for form elements<gno-input>: Text input fields (text only)nameattribute for input identificationplaceholderfor user guidanceSecurity & UX Features
Validation Rules
nameattribute enforcementExample Implementation
When submitted, the form data is automatically transformed into query parameters and redirected as a GET request. The realm must implement the necessary logic to handle these parameters and update its state accordingly.
Security Considerations