Merge pull request #249 from Xronophobe/re-rita-review-chapter-13

Re: Rita review on chapter 13

Author: Xronophobe

chapter_13_database_layer_validation.asciidoc

@@ -1,16 +1,6 @@
 [[chapter_13_database_layer_validation]]
 == Validation at the Database Layer
 
-// RITA: Update the warning since you have reviewed the chapter text in detail?
-.🚧 Warning, Chapter update in progress
-*******************************************************************************
-This chapter is currently in the process of being rewritten for the 3e.
-
-The code listings should all be valid,
-and work with Python3.12 + Django 4,
-but I haven't reviewed the chapter text in detail yet.
-
-*******************************************************************************
 
 ((("user interactions", "validating inputs at database layer", id="UIdblayer13")))
 ((("database testing", "database-layer validation", id="DBTdblayer13")))
@@ -263,18 +253,20 @@ been passed an error variable, and if so, we do this:
 ((("form control classes (Bootstrap)")))
 Take a look at the https://getbootstrap.com/docs/5.3/forms/validation/#server-side[Bootstrap docs] for more
 info on form controls.
-footnote:[... and ignore their advice to prefer client-side validation.
-Ideally, having both server- and client-side validation is the best.
-If you can't do both, then server-side validation is the one you really can't do
-without.
-Check the
-https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/02-checklist/05-checklist.html[OWASP checklist],
-if you are not convinced yet.
-Client-side validation will provide faster feedback on the UI, but
-https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html#client-side-vs-server-side-validation[it is not a security measure.]
-Server-side validation is indispensable for handling any input
-that gets processed by the server--and it will also provide albeit slower,
-feedback for the client side.]
+
+TIP: However, ignore the Bootstrap docs' advice to prefer client-side
+    validation.
+    Ideally, having both server- and client-side validation is the best.
+    If you can't do both, then server-side validation is the one you really
+    can't do without.
+    Check the
+    https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/02-checklist/05-checklist.html[OWASP checklist],
+    if you are not convinced yet.
+    Client-side validation will provide faster feedback on the UI, but
+    https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html#client-side-vs-server-side-validation[it is not a security measure.]
+    Server-side validation is indispensable for handling any input
+    that gets processed by the server--and it will also provide albeit slower,
+    feedback for the client side.]
 
 
 // CSANAD: these are the new docs for Bootstrap, but for some reason they begin
@@ -629,7 +621,7 @@ We should also remind ourselves not to forget to remove this early return:
 
 And now, we can focus on making our code a little neater.
 
-TIP: When working on a new feature, it's common to realize partway through that
+TIP: When working on a new feature, it's common to realise partway through that
     a refactor of the application is needed. Adding an early return to the FT
     you're currently working on allows you to perform this refactor against
     passing FTs, even while the feature is still in progress.
@@ -1089,13 +1081,14 @@ $ pass:quotes[*python src/manage.py test functional_tests*]
 OK
 ----
 // RITA: Perhaps add a few words after "Excellent" to explain what you're doing?
-Excellent:
+Excellent! Let's commit our progress:
 
 [subs="specialcharacters,quotes"]
 ----
 $ *git commit -am "Refactor hard-coded URLs out of templates"*
 ----
 // RITA: Please add a sentence to give the figure context. "Let's remove the item from our scratchpad." 
+And don't forget to cross off the "Remove hardcoded URL..." task as well:
 [role="scratchpad"]
 *****
 * 'Remove hardcoded URLs from views.py'