[thelist] was: xssi serving up separate css now: client vs. server
Ron_Senykoff at BEAEROSPACE.COM
Fri Oct 12 10:31:44 CDT 2001
<snip>
"The Optimizer" wrote:
<tip>
Always use server-side validation for form input. It is a trivial matter to
bypass JavaScript validation in order to populate a database with meaningful
code.
</tip>
</snip>
Why not use both?? For the users with JavaScript enabled, you're providing
that nice quick response that only client-side validation can give. If it
passes your client-side, then it will make it through server-side. But if
they have JavaScript disabled then have the server check it. Use JS to
write(daJSButton) and <noscript><input type="submit"></noscript> for the
non JS people.
I guess this is the ideal situation, but we all know that time = $$ = beer
so we must have our priorities, unless of course you don't like $$ or beer.
-Ron
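
The "use both" approach discussed above, as an added example that is not part of the original post: one rule set that the browser can run for quick feedback and that the server runs again on every submission, so a request that skipped the JavaScript check is still rejected. The field names, rules and the handleSubmit function are assumptions made for illustration.

```javascript
// Added example: one rule set shared by the browser and the server.
// Field names and limits are assumed for illustration only.
const RULES = {
  email: { max: 254, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  age:   { max: 3,   pattern: /^[0-9]{1,3}$/ },
};

// Pure function with no DOM or server dependencies, so the same code can
// run in the browser before submit and on the server after submit.
function validate(fields) {
  const errors = {};
  for (const [name, rule] of Object.entries(RULES)) {
    const value = fields[name];
    if (typeof value !== 'string' || value.length === 0) {
      errors[name] = 'missing';
    } else if (value.length > rule.max) {
      errors[name] = 'too long';
    } else if (!rule.pattern.test(value)) {
      errors[name] = 'bad format';
    }
  }
  return errors;
}

// Server side: parse the raw urlencoded POST body and validate it again.
// Nothing here assumes the client-side check ever ran.
function handleSubmit(rawBody) {
  const params = new URLSearchParams(rawBody);
  const fields = {};
  for (const name of Object.keys(RULES)) {
    // Only known fields are read; a repeated field is treated as missing.
    const all = params.getAll(name);
    fields[name] = all.length === 1 ? all[0] : undefined;
  }
  const errors = validate(fields);
  const ok = Object.keys(errors).length === 0;
  return { status: ok ? 200 : 400, errors, accepted: ok ? fields : null };
}

// Constructed sample bodies: the second is what arrives when the
// browser-side check was disabled or bypassed.
console.log(handleSubmit('email=a%40b.example&age=30'));
console.log(handleSubmit('email=not-an-email&age=abc'));
```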