[eluser]JasonS[/eluser]
Am I right in thinking that if a callback isn't specified it is ignored?
Surely this is incorrect. The whole point of validation is to
validate data. If a developer misspells a callback or whatever shouldn't the validation library throw an error instead of silently continuing?
The current set up allows vulnerabilities to exist in poorly tested apps. By switching to a system that fails if a callback isn't specified you would block up this problem.