Validate HTML Form Data Assertion

The Validate HTML Form Data assertion is used to validate the data set within an HTML form—for example, to require that a certain field must appear a minimum number of times or cannot appear more than once. You can specify which fields (i.e., form controls) are allowed, their data types, and their location in the request.  
gateway90
The 
Validate HTML Form Data 
assertion is used to validate the data set within an HTML form—for example, to require that a certain field must appear a minimum number of times or cannot appear more than once. You can specify which fields (i.e., form controls) are allowed, their data types, and their location in the request.  
This assertion only works on HTTP requests; it is skipped if the request is not HTTP.
Ensure that this assertion appears before the routing assertion in the policy.
To further refine the allowable fields, include the Compare Expression assertion in the policy. For example, you are permitting only fields named "widget" with values over 100. To do this, define field widget with data type number in the Validate HTML Form Data assertion. In the Compare Expression assertion, add "widget > 100". The Compare Expression assertion can precede or follow the Validate HTML Form Data assertion. If you need to access the HTTP form parameters, use the ${request.http.parameter} context variable.
Using the Assertions
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. When adding the assertion, the 
    HTML Form Data Properties
     automatically appear; when modifying the assertion, right-click 
    Validate HTML Form Data
     in the policy window and select 
    HTML Form Data Properties
     or double-click the assertion in the policy window. The assertion properties are displayed. 
  3. Configure the properties as follows:
    Setting
    Description
     
    Submission method allowed
     
    Select which submission methods are allowed: 
    GET
    POST
    . Requests made using other HTTP methods will cause the assertion to fail.
    You must select at least one method .
     
    Request must contain the following fields:
     
    Define the fields that are permitted in the request. The assertion succeeds only when a message contains 
    all 
    the listed fields, with the appropriate details.
    • To add a field, click [
      Add
      ] and then enter the field information as described below.
    • To remove a field, click anywhere in the row to select it, then click [
      Remove
      ]. The field is removed immediately.
    Complete the field details as follows:
    •  
      Name: 
      Type the name of the field. All names must be unique. The name is case sensitive.
    •  
      Data Type: 
      Double-click and select which data type to allow: 
      number
      file
      string
      , or 
      <any>
      . (
      Note:
       The data type 
      file
       requires the submission method 
      POST
      .)
    •  
      Min Occurs:
       Enter the minimum number of times the field must appear in the request. To indicate that the field is optional (i.e., may or may not be present), enter a value of 
      0
       (zero).
    •  
      Max Occurs:
       Enter the maximum number of times the field is allowed to appear in the request. The maximum may be the same as the minimum if you wish to enforce a specific number of occurrences.
    •  
      Location:
       Double-click and specify where the field must be located in the request: within the 
      request URL
      request body
      , or 
      anywhere
       in the request. (Note: The location 
      request body
       requires the submission method 
      POST
      .) .
    •  
      Allow Empty:
       Select this check box to allow the field to have an empty value. (Note: By default, when a policy using the Number data type is imported from a previous version, this check box will be deselected by default.)
     
    Disallow other fields
     
    Indicate how you want to treat all other fields not specified in the table:
    • Select this check box to allow 
      only
       the listed fields in the request. The presence of any other fields will cause the assertion to fail. This makes the assertion more restrictive.
    • Clear this check box to allow any other field in the request 
      in addition
       to the fields listed in the table. This makes the assertion more broad .
  4. Click [
    OK
    ]
     
    when done.