Release: Validation Plugin 1.12.0

Its been slightly over a year since the last release of the jQuery Validation Plugin. Its been almost eight(!) years since I started working on this plugin. Its been slightly over eight years since I started my first full time job as a software developer. Almost-decades aside, its time for a new release, so I’m happy to present you with a shiny new 1.12.0.

Since 1.11.0, lots of things changed. The documentation is now longer on the jQuery Wiki, the plugin home is no longer on this site, instead both moved on to their own home at jqueryvalidation.org (I’m still doing release announcements here though). The source code of the plugin was heavily restructured, laying the foundation for smaller modules that are easier to test and maintain. While src/core.js is still pretty big, all the additional methods are now in individual files, making them much easier to maintain.

On the “tell me something relevant for me” front there’s also lots of improvements: Along with the usual bug fixes, the plugin now uses some ARIA attributes, laying the foundation for making the validation more accessible, e.g. for screenreader users. There’s a lot of new and improve localizations along with several new and improve additional methods. All full list of all changes can be found in the changelog below.

Download this release.

If you use the plugin, please donate or ask your boss to make a donation!

Click here to lend your support to: jQuery Validation Plugin and make a donation at www.pledgie.com !

36 people contributed code to this release. A big thank you to: 1darvesh, Alfonso Martín, Andrew Ray, Andy Cohen, Bart Sipes, Bruno Pinto, Christian, Christian Haller, Dave Marr, Floris Robbemont, g1smd, James Thompson, Jamie R. Rytlewski, John Reilly, joseph.bott, Juan M. Cuello, Jörn Zaefferer, magic.xie, Markus Staab, Martin Laine, Max Toro, Nic Jansma, Nick Schonning, Pat Heard, Peter Conerly, Predrag Stojadinovic, rstaib, ruado1987, Strand McCutchen, Sævar Öfjörð Magnússon, Sérgio Rafael Siqueira, TaeyoungYoon, Thibaud Colas, Veres Lajos, Wing, YuraDubensky, zho. Also thank you to everyone who reported issues on GitHub or commented on them.

As usual:
  • Please post questions to the official Using jQuery Plugins Forum, tagging your question with (at least) “validate”. Keep your question short and succinct and provide code; a testpage makes it much more likely that you get an useful answer in no time.
  • Please post bug reports and other contributions (enhancements, features, e.g. new validation methods) to the GitHub issue tracker

The full changelog:

  • Add ARIA testing (3d5658e)
  • Add es-AR localization messages. (7b30beb)
  • Add missing dots to ‘es’ and ‘es_AR’ messages. (a2a653c)
  • Added Indonesian (ID) localization (1d348bd)
  • Added NIF, NIE and CIF Spanish documents numbers validation (#830, 317c20f)
  • Added the current form to the context of the remote ajax request (0a18ae6)
  • Additionals: Update IBAN method, trim trailing whitespaces (#970, 347b04a)
  • BIC method: Improve RegEx, {1} is always redundant. Closes gh-744 (5cad6b4)
  • Bower: Add Bower.json for package registration (e86ccb0)
  • Changes references from ‘$’ to ‘jQuery’, for compability with jQuery.noConflict. Closes gh-754 (2049afe)
  • Core: Add “method” field to error list entry (89a15c7)
  • Core: Added support for generic messages via data-msg attribute (5bebaa5)
  • Core: Allow attributes to have a value of zero (eg min=’0′) (#854, 9dc0d1d)
  • Core: Disable deprecated $.format (#755, bf3b350)
  • Core: Fix support for multiple error classes (c1f0baf)
  • Core: Ignore events on ignored elements (#700, a864211)
  • Core: Improve elementValue method (6c041ed)
  • Core: Make element() handle ignored elements properly. (3f464a8)
  • Core: Switch dataRules parsing to W3C HTML5 spec style (460fd22)
  • Core: Trigger success on optional but have other successful validators (#851, f93e1de)
  • Core: Use plain element instead of un-wrapping the element again (03cd4c9)
  • Core: make sure remote is executed last (#711, ad91b6f)
  • Demo: Use correct option in multipart demo. (#1025, 070edc7)
  • Fix $/jQuery usage in additional methods. Fixes #839 (#839, 59bc899)
  • Improve Chinese translations (1a0bfe3)
  • Initial ARIA-Required implementation (bf3cfb2)
  • Localization: change accept values to extension. Fixes #771, closes gh-793. (#771, 12edec6)
  • Messages: Add icelandic localization (dc88575)
  • Messages: Add missing dots to ‘bg’, ‘fr’ and ‘sr’ messages. (adbc636)
  • Messages: Create messages_sr_lat.js (f2f9007)
  • Messages: Create messages_tj.js (de830b3)
  • Messages: Fix sr_lat translation, add missing space (880ba1c)
  • Messages: Update messages_sr.js, fix missing space (10313f4)
  • Methods: Add additional method for currency (1a981b4)
  • Methods: Adding Smart Quotes to stripHTML’s punctuation removal (aa0d624)
  • Methods: Fix dateITA method, avoiding summertime errors (279b932)
  • Methods: Localized methods for chilean culture (es-CL) (cf36b93)
  • Methods: Update email to use HTML5 regex, remove email2 method (#828, dd162ae)
  • Pattern method: Remove delimiters, since HTML5 implementations don’t include those either. (37992c1)
  • Restricting credit card validator to include length check. Closes gh-772 (f5f47c5)
  • Update messages_ko.js – closes gh-715 (5da3085)
  • Update messages_pt_BR.js. Closes gh-782 (4bf813b)
  • Update phonesUK and mobileUK to accept new prefixes. Closes gh-750 (d447b41)
  • Verify nine-digit zip codes. Closes gh-726 (165005d)
  • phoneUS: Add N11 exclusions. Closes gh-861 (519bbc6)
  • resetForm should clear any aria-invalid values (4f8a631)
  • valid(): Check all elements. Fixes #791 – valid() validates only the first (invalid) element (#791, 6f26803)

goto fail

Looking for some Saturday evening programmer entertainment? How about a serious security flaw in very widely deployed software caused by a goto statement? What could possibly go wrong?

xkcd-292
from xkcd.com/292/

Here’s Apple’s equivalent of the raptor mauling you. That’s the official version, which doesn’t provide any details (“Apples does not disclose any details”). It just says:

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

But you can find the details in this blog post by Adam Langley, who works at Google on Chrome (I think; the blog post implies that, the site doesn’t say). From that post:

static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
{
	OSStatus        err;
	...

	if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
		goto fail;
	if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
		goto fail;
		goto fail;
	if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
		goto fail;
	...

fail:
	SSLFreeBuffer(&signedHashes);
	SSLFreeBuffer(&hashCtx);
	return err;
}

Note the two goto fail lines in a row. The first one is correctly bound to the if statement but the second, despite the indentation, isn’t conditional at all. The code will always jump to the end from that second goto, err will contain a successful value because the SHA1 update operation was successful and so the signature verification will never fail.

Someone found that entertaining enough to put it on a t-shirt. A few more pre-orders and it’ll get printed.

Talk to Me – Making websites accessible

In 2013, I gave a talk about making websites accessible, at several conferences. The last session was in September 2013 at the jQuery Austin conference. While the conference itself didn’t record videos, I made a local recording myself, which I’d like to share via YouTube. The audio and video of myself are recorded with the laptop microphone and camera. The slides and embedded videos are directly captured, so you can see all them in full detail (I used ScreenFlow 4 for that, its certainly worth the money).

You can also look at the original slides and videos or get the source for the slides and a list of further resources.

The original abstract for the talk was this:

A computer that can talk to us has been part of science fiction for a long time. For a number of people it has been a reality for quite a while: Those with limited or no sight at all, usually referred to as blind computer users.

Making web sites and applications work for people that rely on a screenreader poses many interesting challenges. Usually there is no budget for accessiblity, as the number of users affected is small – exceptions apply wherever websites have to conform to regulations like Section 508 (aka Section 508 Amendment to the Rehabilitation Act of 1973). Even when there’s a budget, or just a rogue developer who cares, there a barriers in specifications, tools and testing, that make it hard for the average developer to improve the overall result.

At the same time, although the targeted group of users is relatively small, it’s this group that often benefits the most from a web service, since it can give them a form of independence they might not have in their day to day life, often more than able-bodied users do.

This talk will provide:

  • Good arguments to convince your boss or customer of the value of making a web site or application accessible.
  • An introduction to the software and tools to test against.
  • Examples of the challenges involved and how to overcome them with JavaScript, with a look at the autocomplete and menu widgets in jQuery UI, covering both keyboard and screenreader support.

A half hour talk won’t make you an instant expert, but you should get enough of a boost to make a difference on your next project.

Space Stories

Two stories about space, that turn out to go pretty well together, both, more or less, told by and to software developers. Though I suspect that with a bit of curiosity they are as fascinating to anyone else as they were to me.

To start, Russ Olsen – To the Moon!

The other one is from the Podcast This Developer’s Life, their most recent episode “Space”.

A happy new year 2014!