[thelist] Stopping a user submitting a form from the address bar using JS.

Craig cd-ml at aardvark.net.au
Sat Dec 14 12:31:46 CST 2002


Hi Lach,

> I'm not sure how you can get around it, but I urge you to reconsider
> your tact. You should always provide an alternative method that works
> for people who have JavaScript disabled. Besides, you should be doing
> server side checking anyway, if not you have a huge security risk on
> your hand.

I do have server-side checking in place, but only if the user doesn't have JS
enabled.  Maybe I should rethink that.

> If you do it doesn't matter if people circumvent your
> checking, because they'll merely lose the convenience, but run up
> against the server side stuff which will correct them anyway.
> --
> Lach





More information about the thelist mailing list