Validate HTML Form Data Assertion
The Validate HTML Form Data assertion is used to validate the data set within an HTML form—for example, to require that a certain field must appear a minimum number of times or cannot appear more than once. You can specify which fields (i.e., form controls) are allowed, their data types, and their location in the request.
gateway90
The
Validate HTML Form Data
assertion is used to validate the data set within an HTML form—for example, to require that a certain field must appear a minimum number of times or cannot appear more than once. You can specify which fields (i.e., form controls) are allowed, their data types, and their location in the request. This assertion only works on HTTP requests; it is skipped if the request is not HTTP.
Ensure that this assertion appears before the routing assertion in the policy.
To further refine the allowable fields, include the Compare Expression assertion in the policy. For example, you are permitting only fields named "widget" with values over 100. To do this, define field widget with data type number in the Validate HTML Form Data assertion. In the Compare Expression assertion, add "widget > 100". The Compare Expression assertion can precede or follow the Validate HTML Form Data assertion. If you need to access the HTTP form parameters, use the ${request.http.parameter} context variable.
Using the Assertions
- Do one of the following:
- To add the assertion to the Policy Development window, see Add an Assertion.
- To change the configuration of an existing assertion, proceed to step 2 below.
- When adding the assertion, theHTML Form Data Propertiesautomatically appear; when modifying the assertion, right-clickValidate HTML Form Datain the policy window and selectHTML Form Data Propertiesor double-click the assertion in the policy window. The assertion properties are displayed.
- Configure the properties as follows:SettingDescriptionSubmission method allowedSelect which submission methods are allowed:GET,POST. Requests made using other HTTP methods will cause the assertion to fail.You must select at least one method .Request must contain the following fields:Define the fields that are permitted in the request. The assertion succeeds only when a message containsallthe listed fields, with the appropriate details.
- To add a field, click [Add] and then enter the field information as described below.
- To remove a field, click anywhere in the row to select it, then click [Remove]. The field is removed immediately.
Complete the field details as follows:- Name:Type the name of the field. All names must be unique. The name is case sensitive.
- Data Type:Double-click and select which data type to allow:number,file,string, or<any>. (Note:The data typefilerequires the submission methodPOST.)
- Min Occurs:Enter the minimum number of times the field must appear in the request. To indicate that the field is optional (i.e., may or may not be present), enter a value of0(zero).
- Max Occurs:Enter the maximum number of times the field is allowed to appear in the request. The maximum may be the same as the minimum if you wish to enforce a specific number of occurrences.
- Location:Double-click and specify where the field must be located in the request: within therequest URL,request body, oranywherein the request. (Note: The locationrequest bodyrequires the submission methodPOST.) .
- Allow Empty:Select this check box to allow the field to have an empty value. (Note: By default, when a policy using the Number data type is imported from a previous version, this check box will be deselected by default.)
Disallow other fieldsIndicate how you want to treat all other fields not specified in the table:- Select this check box to allowonlythe listed fields in the request. The presence of any other fields will cause the assertion to fail. This makes the assertion more restrictive.
- Clear this check box to allow any other field in the requestin additionto the fields listed in the table. This makes the assertion more broad .
- Click [OK]when done.