[thelist] disabled javascript

[Ben Phillips]

> Reasons why some javascript client-side validation is a GOOD
> thing: 1. prevents additional server connections to spit back
> "missing information" messages 2. enables faster client
> response time since a user doesn't have to wait for a few
> seconds+ to be alerted to the fact that they inadvertently
> missed a field 3. #1 and #2 could be seen yielding a higher
> response to the form because it takes much less time to
> handle errors 4. reduces server strain and traffic because
> reduces erroneous submissions by heading them off on the client-side
>
> Reasons why some javascript client-side validation is a  BAD
> thing: 1. some people think it's a security hole and decide
> to disable it 2. some people think that it's the best way of
> preventing stupid popup windows instead of restricting access
> to sites that are known for popup windows

so would you not use server-side validation at all for this? if so, then
what if somebody hacked a post request to the server as if the form had
been validated, when in fact the data sent hadn't been validated at all?

sorry, but i wouldn't risk this situation, instead, just provide both
client and server side validation. as well as it allowing non-javascript
users to use the form, it provides the benefits of client-side
validation as well (all those you mention).

why do anything different? i can't see any benefit from leaving out
either server-side or client-side validation, apart from slightly
smaller page size, and slightly less development time, but surely it's
not worth it?

benji
inchima.com