Evan Lecklider evanleck

## index.html
<html>
  <head>
    <style>
      /* just a little breathing room for screenshots */
      body { padding: 40px; }
    </style>
  <body>
    <form>
      <input type='email' required name='email'>
      <button type='submit'>

## baseline.js
var validateForm = function(submitEvent) {
  /* We'll fill this in incrementally. */
};

document.addEventListener('DOMContentLoaded', function() {
  var forms = document.querySelectorAll('form');

  for (var index = forms.length - 1; index >= 0; index--) {
    var form = forms[index];

## validity.js
if (!submitEvent.target.checkValidity()) {
  /* oh noes! */
} else {
  return true; /* everything's cool, the form is valid! */
}

## looping.js
var form     = submitEvent.target,
    elements = form.elements;

/* Loop through the elements, looking for an invalid one. */
for (var index = 0, len = elements.length; index < len; index++) {
  var element = elements[index];

  if (element.willValidate === true && element.validity.valid !== true) {
    /* element is invalid, let's do something! */
    /* break from our loop */

## validation-message.js
var message = element.validationMessage,
    parent  = element.parentNode,
    div     = document.createElement('div');

/* Add our message to a div with class 'validation-message' */
div.appendChild(document.createTextNode(message));
div.classList.add('validation-message');

/* Add our error message just after element. */
parent.insertBefore(div, element.nextSibling);

## validateForm.js
var validateForm = function(submitEvent) {
  if (!submitEvent.target.checkValidity()) {
    /* Seriously, hold everything. */
    submitEvent.preventDefault();
    submitEvent.stopImmediatePropagation();
    submitEvent.stopPropagation();

    var form     = submitEvent.target,
        elements = form.elements;

## validationMessageFor.js
/*
  Determine the best message to return based on validity state.
 */
var validationMessageFor = function(element) {
  var name = element.nodeName,
      type = element.type,

      /* Custom, reused messages. */
      emailMessage = "Please enter a valid email address.";

## layout.erb
<meta name='csrf-token' content='<%= session[:csrf] %>'>

## csrf.coffee
$(document).on 'submit', 'form', ->
  form   = $(this)
  method = form.attr('method').toUpperCase()
  token  = $('meta[name=csrf-token]').attr('content')

  # add the CSRF token as a hidden input to the form
  if method? and method isnt 'GET'
    form.prepend $('<input>', name: '_csrf', type: 'hidden', value: token)

## sinatra.rb
before do
  session[:csrf] ||= SecureRandom.hex(32)

  response.set_cookie 'authenticity_token', {
    value: session[:csrf],
    expires: Time.now + (60 * 60 * 24 * 180), # that's 180 days
    path: '/',
    httponly: true
    # secure: true # if you have HTTPS (and you should) then enable this
	<html>
	<head>
	<style>
	/* just a little breathing room for screenshots */
	body { padding: 40px; }
	</style>
	<body>
	<form>
	<input type='email' required name='email'>
	<button type='submit'>
	var validateForm = function(submitEvent) {
	/* We'll fill this in incrementally. */
	};

	document.addEventListener('DOMContentLoaded', function() {
	var forms = document.querySelectorAll('form');

	for (var index = forms.length - 1; index >= 0; index--) {
	var form = forms[index];
	if (!submitEvent.target.checkValidity()) {
	/* oh noes! */
	} else {
	return true; /* everything's cool, the form is valid! */
	}
	var form = submitEvent.target,
	elements = form.elements;

	/* Loop through the elements, looking for an invalid one. */
	for (var index = 0, len = elements.length; index < len; index++) {
	var element = elements[index];

	if (element.willValidate === true && element.validity.valid !== true) {
	/* element is invalid, let's do something! */
	/* break from our loop */
	var message = element.validationMessage,
	parent = element.parentNode,
	div = document.createElement('div');

	/* Add our message to a div with class 'validation-message' */
	div.appendChild(document.createTextNode(message));
	div.classList.add('validation-message');

	/* Add our error message just after element. */
	parent.insertBefore(div, element.nextSibling);
	var validateForm = function(submitEvent) {
	if (!submitEvent.target.checkValidity()) {
	/* Seriously, hold everything. */
	submitEvent.preventDefault();
	submitEvent.stopImmediatePropagation();
	submitEvent.stopPropagation();

	var form = submitEvent.target,
	elements = form.elements;
	/*
	Determine the best message to return based on validity state.
	*/
	var validationMessageFor = function(element) {
	var name = element.nodeName,
	type = element.type,

	/* Custom, reused messages. */
	emailMessage = "Please enter a valid email address.";
	$(document).on 'submit', 'form', ->
	form = $(this)
	method = form.attr('method').toUpperCase()
	token = $('meta[name=csrf-token]').attr('content')

	# add the CSRF token as a hidden input to the form
	if method? and method isnt 'GET'
	form.prepend $('<input>', name: '_csrf', type: 'hidden', value: token)
	before do
	session[:csrf] \|\|= SecureRandom.hex(32)

	response.set_cookie 'authenticity_token', {
	value: session[:csrf],
	expires: Time.now + (60 * 60 * 24 * 180), # that's 180 days
	path: '/',
	httponly: true
	# secure: true # if you have HTTPS (and you should) then enable this