Validate HTML Form Data Assertion

The Validate HTML Form Data assertion is used to validate the data set within an HTML form—for example, to require that a certain field must appear a minimum number of times or cannot appear more than once. You can specify which fields (i.e., form controls) are allowed, their data types, and their location in the request.  
gateway90
The
Validate HTML Form Data
assertion is used to validate the data set within an HTML form—for example, to require that a certain field must appear a minimum number of times or cannot appear more than once. You can specify which fields (i.e., form controls) are allowed, their data types, and their location in the request.  
This assertion only works on HTTP requests; it is skipped if the request is not HTTP.
Ensure that this assertion appears before the routing assertion in the policy.
To further refine the allowable fields, include the Compare Expression assertion in the policy. For example, you are permitting only fields named "widget" with values over 100. To do this, define field widget with data type number in the Validate HTML Form Data assertion. In the Compare Expression assertion, add "widget > 100". The Compare Expression assertion can precede or follow the Validate HTML Form Data assertion. If you need to access the HTTP form parameters, use the ${request.http.parameter} context variable.
Using the Assertions
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. When adding the assertion, the
    HTML Form Data Properties
    automatically appear; when modifying the assertion, right-click
    Validate HTML Form Data
    in the policy window and select
    HTML Form Data Properties
    or double-click the assertion in the policy window. The assertion properties are displayed. 
  3. Configure the properties as follows:
    Setting
    Description
    Submission method allowed
    Select which submission methods are allowed:
    GET
    ,
    POST
    . Requests made using other HTTP methods will cause the assertion to fail.
    You must select at least one method .
    Request must contain the following fields:
    Define the fields that are permitted in the request. The assertion succeeds only when a message contains
    all
    the listed fields, with the appropriate details.
    • To add a field, click [
      Add
      ] and then enter the field information as described below.
    • To remove a field, click anywhere in the row to select it, then click [
      Remove
      ]. The field is removed immediately.
    Complete the field details as follows:
    • Name:
      Type the name of the field. All names must be unique. The name is case sensitive.
    • Data Type:
      Double-click and select which data type to allow:
      number
      ,
      file
      ,
      string
      , or
      <any>
      . (
      Note:
      The data type
      file
      requires the submission method
      POST
      .)
    • Min Occurs:
      Enter the minimum number of times the field must appear in the request. To indicate that the field is optional (i.e., may or may not be present), enter a value of
      0
      (zero).
    • Max Occurs:
      Enter the maximum number of times the field is allowed to appear in the request. The maximum may be the same as the minimum if you wish to enforce a specific number of occurrences.
    • Location:
      Double-click and specify where the field must be located in the request: within the
      request URL
      ,
      request body
      , or
      anywhere
      in the request. (Note: The location
      request body
      requires the submission method
      POST
      .) .
    • Allow Empty:
      Select this check box to allow the field to have an empty value. (Note: By default, when a policy using the Number data type is imported from a previous version, this check box will be deselected by default.)
    Disallow other fields
    Indicate how you want to treat all other fields not specified in the table:
    • Select this check box to allow
      only
      the listed fields in the request. The presence of any other fields will cause the assertion to fail. This makes the assertion more restrictive.
    • Clear this check box to allow any other field in the request
      in addition
      to the fields listed in the table. This makes the assertion more broad .
  4. Click [
    OK
    ]
     
    when done.