Fog Creek Software
Discussion Board




Even Microsoft are silly sometimes

http://lab.msdn.microsoft.com/productfeedback/viewfeedback.aspx?feedbackId=62350b61-0075-4f24-86a0-b0edbeb6bd86

Looks like they should be more sensible with their web form validation.

If only they had the tools available to do these things properly ;^)

Steve Jones (UK)
Tuesday, June 29, 2004

Heheh.

My favourite silly MS web page was the one accessible from somewhere in an old version of Media Player, which listed the supported file formats -- such as RMI, which apparently stands for "Remote Method Invocation"...

Can't find the original now, though this might be a Japanese translation of it:

http://www.microsoft.com/japan/windows/windowsmedia/software/v7/v7faq.asp

...
Tuesday, June 29, 2004

OOPS!
That's kinda like being able to roll down the window on a 747 while in flight.  Ironically, Microsoft's support of HTML apps kinda kills the need to use windows, provided someone has the drive to make an IE clone for Solaris/Linux.

Devin
Tuesday, June 29, 2004

It reminded me of when Joel (and Michael) added the Fog Creek Software line to their postings and various people (you know who you are) tried to add their own extra lines.

It was easy to do at the time, but no longer works.

Steve Jones (UK)
Tuesday, June 29, 2004


It's a bug report for a BETA product. I'm sure your beta products are perfect, but for the rest of mere mortals we use a beta to find things that have might have slipped through the cracks.

Huh?
Tuesday, June 29, 2004

Is it possible that anyone in the entire universe would have missed the point any more than that?

Steve Jones (UK)
Tuesday, June 29, 2004


"Is it possible that anyone in the entire universe would have missed the point any more than that? "

I think so, since I didn't get the joke either. Are making light of the fact their bug reporting tool has a bug in it? Where's the punchline?

Richard Dyer
Tuesday, June 29, 2004

<Explanation>
I thought it was ironic that they have all these tools, like ASP.NET, VS.NET, etc, that are supposed to make validation such a doddle, but when it comes down to it, they don't even use them.
Also, just because it's a web-form for a beta product, doesn't mean you'd expect bugs in the form (in the product, yes, of course, but in the bug-reporting form, no way). That's what I meant by missing the point.
There is no punchline, it is irony, that's all. Not meant to be a side-splitting, guffaw-inducing, Vaudevillian classic.
</Explanation>

Steve Jones (UK)
Wednesday, June 30, 2004


But the bug-reporting tool *is* part of the product. The bug reporting tool that the user used to report the problem is a *different* bug reporting tool. I guess that's why I failed to see the irony.

And the validation tools you mention are largely sold as ways of forcing your users to enter text into required fields, do regex validation, etc. The problem mentioned in this bug report is about changing HTML in hidden or disabled controls. This isn't really within the realm of the "Drag N Drop" validators in VS.NET.

So, at the end of the day we see that MS had a bug in a beta product that allowed user to manually edit the HTML contained in a hidden or disabled control. I don't attribute that to mass incompetence. If your honest, it's something any one of us could do.

Richard Dyer
Wednesday, June 30, 2004

actually that's one of the issues with the built in .net controls: they're not safe against this sort of attack. so one reccomendation (i think on this board a long time ago) is to write your own label & textbox controls which fix the issue.
the .net 1.1 hack is to disable all < and > signs in input unless yo disable the hack 'security' feature in the web.config.

mb
Wednesday, June 30, 2004

*  Recent Topics

*  Fog Creek Home