[thelist] was: xssi serving up separate css now: client vs. server

The Optimizer chrism at puffofsmoke.net
Fri Oct 12 10:58:18 CDT 2001


> <tip>
> Always use server-side validation for form input. It is a trivial
> matter to
> bypass JavaScript validation in order to populate a database with
> meaningful
> code.
> </tip>
>
> </snip>
>
> Why not use both??  For the users with JavaScript enabled, you're
> providing
> that nice quick response that only client-side validation can give.  If it
> passes your client-side, then it will make it through server-side.  But if
> they have JavaScript disabled then have the server check it.  Use JS to
> write(daJSButton) and <noscript><input type="submit"></noscript> for the
> non JS people.

I like your style;) Personally (and I must stress that this a matter of
taste) I prefer the formatting flexibility for display of error messages
that SS processing offers.

> I guess this is the ideal situation, but we all know that time = $$ = beer
> so we must have our priorities, unless of course you don't like
> $$ or beer.

Regards

Chris Marsh





More information about the thelist mailing list