I am pleased to annouce the release of 'reform'. A full tutorial is available here:

http://www.happstack.com/docs/crashcourse/Reform.html

Reform is an HTML form generation and validation library. It follows in the footsteps of formlets and digestive-functors <= 0.2. In fact, much of the code in reform comes from the digestive-functors-0.2 code base.

Reform is designed to be usuable with a wide variety of Haskell web servers and templating libraries. You can find the following packages on hackage:

  • reform - the core library
  • reform-happstack - support for using reform with the Happstack server
  • reform-blaze - support for creating forms for blaze-html
  • reform-hsp - support for creating forms for HSP (another xml/html template library)

The source code is available via darcs at:

http://patch-tag.com/r/stepcut/reform

The darcs repo also includes proof-of-concept support for 'Heist'.

Reform will feel very familiar to formlets and digestive-functors <= 0.2 users.

The primary motivation behind this library is to provide a supported alternative to digestive-functors 0.2 for users that prefer 0.2 over 0.3.

The key new feature in reform is the ability to separate the validation code from the view generation code. This allows library authors to provide validators (known as Proofs) which the users can use when constructing their forms. The proof names appear in the type-signatures. This allows the library author to ensure that the value returned by a user created form is not merely the correct type, but has also passed validation.

The reform-happstack package also provides simple and transparent Cross-Site Request Forgery (CSRF) protection, using the double-submit method. This method has some weaknesses. For example, I believe it can be circumvented if your site is vulnerable to cross-site scripting (XSS) attacks. If you have suggestions on how to improve the CSRF protection -- please let us know!

I hope to do a full comparison of reform vs digestive-functors 0.3 vs yesod forms in a few weeks.