XHTML requires that the id attribute begin with a letter. form_build_id is set to an MD5 hash so 10 times out of 16 it begins with a number. This patch just puts an 'f' at the front of every form_build_id.

It is not clear to me why we are outputting an id field containing a randomly-generated hash in the first place. How can it ever be useful? Scripting, I guess.

CommentFileSizeAuthor
#4 xhtml-valid-form-id.patch1.07 KBStefan Nagtegaal
form-build-id.patch1.08 KBbjaspan
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Stefan Nagtegaal’s picture

Stefan Nagtegaal CreditAttribution: Stefan Nagtegaal commented

Isn't it nicer todo:

-      $form_build_id = md5(mt_rand());
+      $form_build_id = 'form-'. md5(mt_rand());

instead of:

-      $form_build_id = md5(mt_rand());
+      $form_build_id = 'f'.md5(mt_rand());

Just my $0,02..

Stefan Nagtegaal’s picture

Stefan Nagtegaal CreditAttribution: Stefan Nagtegaal commented
Title: form_build_id must start with a letter » form_build_id must start with a letter for XHTML compliance

Set better title

nedjo’s picture

nedjo
he/him/his
Primary language English
CreditAttribution: nedjo commented
Status: Needs review » Needs work

Yes, we should make this change.

I agree that 'form-' is a better prefix.

Stefan Nagtegaal’s picture

Stefan Nagtegaal CreditAttribution: Stefan Nagtegaal commented
Status: Needs work » Reviewed & tested by the community
FileSize
xhtml-valid-form-id.patch1.07 KB

Updated code, that works!

Dries’s picture

Dries CreditAttribution: Dries commented
Status: Reviewed & tested by the community » Fixed

Committed! Thanks.

eaton’s picture

eaton CreditAttribution: eaton commented

It is not clear to me why we are outputting an id field containing a randomly-generated hash in the first place. How can it ever be useful? Scripting, I guess.

For the record, we do this because it allows us to identify, via the incoming $_POST data, what specific version of a form is coming in. Not just the form's identification (like, 'node-story-form') but the specific instance of that form, built on a particular page at a particular time for a particular user.

This is particularly useful when AJAX code is making client-side modifications to a form; it can relay information back to the server to keep the server side validation code in sync with the client side form, for that particular instance.

bjaspan’s picture

bjaspan CreditAttribution: bjaspan commented

Eaton,

For the record, we [are outputting an id field (emphasis added) containing a randomly-generated hash] because it allows us to identify, via the incoming $_POST data, what specific version of a form is coming in.

No, you are outputting a hidden form field whose value is a randomly-generated hash for that purpose. Outputting an id field as well has no such benefit as id fields are not transmitted back to the server. It has very little cost and I suppose it can help with debugging, but it has no benefit in any other case I can think of.

eaton’s picture

eaton CreditAttribution: eaton commented

Thanks for the clarification, I misread your post. You are correct that the hidden field serves that purpose.

bjaspan’s picture

bjaspan CreditAttribution: bjaspan commented

Okay. I'm glad to know I'm not crazy. :-)

Anonymous’s picture

(not verified) CreditAttribution: commented
Status: Fixed » Closed (fixed)