address Rita's review on Chapter 13

Xronophobe · Xronophobe · commit fb0224c3babb · 2024-06-18T16:02:08.000+02:00
diff --git a/chapter_13_database_layer_validation.asciidoc b/chapter_13_database_layer_validation.asciidoc
@@ -1,16 +1,6 @@
 [[chapter_13_database_layer_validation]]
 == Validation at the Database Layer
 
-// RITA: Update the warning since you have reviewed the chapter text in detail?
-.🚧 Warning, Chapter update in progress
-*******************************************************************************
-This chapter is currently in the process of being rewritten for the 3e.
-
-The code listings should all be valid,
-and work with Python3.12 + Django 4,
-but I haven't reviewed the chapter text in detail yet.
-
-*******************************************************************************
 
 ((("user interactions", "validating inputs at database layer", id="UIdblayer13")))
 ((("database testing", "database-layer validation", id="DBTdblayer13")))
@@ -263,18 +253,20 @@ been passed an error variable, and if so, we do this:
 ((("form control classes (Bootstrap)")))
 Take a look at the https://getbootstrap.com/docs/5.3/forms/validation/#server-side[Bootstrap docs] for more
 info on form controls.
-footnote:[... and ignore their advice to prefer client-side validation.
-Ideally, having both server- and client-side validation is the best.
-If you can't do both, then server-side validation is the one you really can't do
-without.
-Check the
-https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/02-checklist/05-checklist.html[OWASP checklist],
-if you are not convinced yet.
-Client-side validation will provide faster feedback on the UI, but
-https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html#client-side-vs-server-side-validation[it is not a security measure.]
-Server-side validation is indispensable for handling any input
-that gets processed by the server--and it will also provide albeit slower,
-feedback for the client side.]
+
+TIP: However, ignore the Bootstrap docs' advice to prefer client-side
+    validation.
+    Ideally, having both server- and client-side validation is the best.
+    If you can't do both, then server-side validation is the one you really
+    can't do without.
+    Check the
+    https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/02-checklist/05-checklist.html[OWASP checklist],
+    if you are not convinced yet.
+    Client-side validation will provide faster feedback on the UI, but
+    https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html#client-side-vs-server-side-validation[it is not a security measure.]
+    Server-side validation is indispensable for handling any input
+    that gets processed by the server--and it will also provide albeit slower,
+    feedback for the client side.]
 
 
 // CSANAD: these are the new docs for Bootstrap, but for some reason they begin
@@ -1089,13 +1081,14 @@ $ pass:quotes[*python src/manage.py test functional_tests*]
 OK
 ----
 // RITA: Perhaps add a few words after "Excellent" to explain what you're doing?
-Excellent:
+Excellent! Let's commit our progress:
 
 [subs="specialcharacters,quotes"]
 ----
 $ *git commit -am "Refactor hard-coded URLs out of templates"*
 ----
 // RITA: Please add a sentence to give the figure context. "Let's remove the item from our scratchpad." 
+And don't forget to cross off the "Remove hardcoded URL..." task as well:
 [role="scratchpad"]
 *****
 * 'Remove hardcoded URLs from views.py'
