I just installed the “Tamper Data” Firefox extension to test some code that I just wrote for my new Django project. Basically, I’m creating a storefront where users can each add multiple stores and multiple products to their account. They can associate each product with multiple stores and each store can contain multiple products. But I don’t want users to be able to stuff their products into stores that don’t belong to them by doing nasty stuff in HTTP POST data…not that many people would think of doing that. So I wrote code to prevent that kind of misbehavior. I then started testing my code with “Tamper Data” and found that Django had already beat me to the punch. If data that is POSTed back to a form didn’t initially belong to the form (in my case, an ID from a select list), Django tells the user they need to fix their input. I don’t know which all form input types this applies to, but it apparently applies to select lists. This error wouldn’t have happened if someone (me) weren’t monkeying with the data. I was really amazed when I saw the Djangoish validation error and the form show back up. This is a very nice touch in form validation. I guess the bad part of all of this is that now I’ll need to rip out my “nastiness-checking” code. Oh, well.