Every webpage needs some sort of forms. Please do read chapter on
Dependency Injection and Generic Factory.
In-order to create forms, we need to extend Aura\Input\Form class
and override the init() method.
We use setField method to add an input type.
Let us create an example form
Read passing options into forms, to see how the states can also be provided.
Setting Filters On The Form
The aura framework uses Aura.Filter package for form validation and
sanitization. The Aura\Input\Form object has getFilter() method
which is an object of Aura\Framework\Input\Filter an extended class of
Look into Validation and Sanitization for
the different types of Rules, how you can create your own rules.
Extended Controller for form creation
The aura framework has a very basic controller. You need to extend
the controller according to your needs.
In-order to make use of the dependency injection, we need to map the
form names to Aura\Input\FormFactory.
You can map as many forms into the FormFactory as
Form objects can then be created in the extend class
Example\Package\Web\PageController of controller as
Populating and Validating User Input
We can fill the form with user input and see if the user input is valid.
First, we use the fill() method to set the input values.
We then call the filter() method to see if the user input is valid;
if not, we show the messages for the inputs
that did not pass their filter rules.
Applying CSRF Protections
Aura.Input comes with an interface for implementations that prevent
cross-site request forgery
attacks. To make use of this interface, we will need to provide our own
CSRF implementation; this is because it depends on two things that Aura.Input
cannot provide: an object that tells us if the user is authenticated or not,
and an object to generate and retain a cryptographically secure random value
for the CSRF token value. A pseudo-implementation follows.
We can then pass an instance of the implementation into our form using the
Calling setAntiCsrf() adds a CSRF field to the form.
When we call fill() on the form, it will check the CSRF value in the data
to make sure it is correct. If not, the form will not fill in the data, and
throw an exception and will not fill in the data.
In The View Layer
The Aura.Input package only describes the user inputs and their values. It
does not render forms or fields; that task is for the view layer. However,
Aura.Input does allow for “hints” that the view layer can use for rendering.
When defining a field, we can set the type as the second parameter to the
setField() method. This can be an HTML input type, an HTML tag name, a
custom name that the view layer recognizes, or anything else; recall that
these are only hints for the view, and are not strict. In addition, we can use
fluent methods to set attributes and options on the field.
In our view layer, we can extract the hints for a field using the get()
The Aura.View package comes with a
series of helpers that can translate the hints array to HTML.
Assuming you have assigned the form object to the view from controller
then from view, you can display the form as
Passing Options Into Forms
Frequently, the application using the inputs will have a standard set of
options used across all forms and filters. It would be inconvenient to have
to duplicate those standard options for each different form, so Aura.Input
allows us to pass in any object at all as a container for application-wide
options. We can then use those options for building the inputs.
For example, we would construct our ContactForm with an arbitrary options
… and then use it in the init() method of form remove the $states
array with $options->getStates().