A validator is a function called when a recipe, bag or tiddler is PUT to the server. Depending on configuration, plugins and policies, zero or more validators may be called when an entity is PUT. How things work depends on the type of entity:
Bags and Recipes
By default the description attribute of a bag or recipe is sanitized for dangerous HTML. That function may be turned off, or other validators added, by adjusting the list of functions in tiddlyweb.web.validator.BAG_VALIDATORS or tiddlyweb.web.validator.RECIPE_VALIDATORS. See below for more about the functions.
Tiddlers
Tiddlers are sent through the validator process based on the accept constraint in the policy of the bag to which the tiddler is being PUT. If the accept constraint is empty, no validation is done. If a user, some users, a role or one of the special policy words ANY or NONE is listed, then the tiddler is passed to the functions in tiddlyweb.web.validator.TIDDLER_VALIDATORS for every user that does not match the constraint (that is, the content is accepted without validation for the people listed in the constraint).
In the current code distribution there are no TIDDLER_VALIDATORS; they may be added via plugins.
Validator Functions
A validator function has a simple signature: entity, environ, where entity is a bag, recipe or tiddler. The validator either //changes// the provided entity, or raises an exception indicating that it can't be valid. The exceptions are InvalidTiddlerError, InvalidBagError and InvalidRecipeError.
Examples
A simple example validator can be found at http://github.com/tiddlyweb/tiddlyweb-plugins/tree/master/validate-modifier
@bengillies has written validators for sanitizing HTML and TiddlyWiki inputs.