Thursday 15 July 2010

javascript - Is there a point of client-side validation of static info from an HTML form?


My question is about user input received by an HTML form that is static (by 'static' I mean the information from things like select options, radio buttons, checkboxes). Should I do client-side validation for it? I believe that the user can change the HTML code with tools like Firebug.

Example:

My code:

    <select><option>Public</option><option style="display:none">Private</option></select>

User's modification:

    <select><option>Public</option><option selected>Private</option></select>

Should I validate this input in JS or leave it for server-side validation? I know that the user can manipulate JS, so I do not see any point in doing this kind of validation in JS.

My reasoning:

  1. Since it is constant information, a simple (good) user will not mess with it, and there is no need to check it for this.

  2. If an evil user wants to mess with the code, he can change the JS code just as he can change the HTML code, so again, there is no need for client-side validation of static inputs.

So am I right, or should client-side validation always be absolutely complete?

PS: I'm only asking about the client side. I always validate on the server as well, for all user input.

Always validate your input server side.

JavaScript is good for validating things because you can quickly tell the user that the input is wrong.

A clever user can bypass any JavaScript barrier because you can always make your own requests.

Look at it from a time-efficiency point of view. Always trying to give a useful error message is not worth the time spent trying to help a bad user. If the server thinks that the input is invalid, then you can reply with "invalid input". If your JavaScript validation is good, a regular user should never run into that error.
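The answer's advice applied to the question's select, as an added example (not code from the original post): a Node.js server-side check that accepts only the option values this user was actually offered and answers everything else with a generic "invalid input". The field names, the roles and the schema shape are assumptions for illustration.

```javascript
// Added example: server-side allow-list check for "static" form fields.
// Field names, roles and schema shape are assumptions, not from the page.
const FIELDS = {
  visibility: { type: "select", options: { Public: ["user", "admin"], Private: ["admin"] } },
  plan: { type: "radio", options: { free: ["user", "admin"], pro: ["user", "admin"] } },
  tags: { type: "checkbox", options: { news: ["user", "admin"], beta: ["admin"] } },
};
const INVALID = Object.freeze({ ok: false, error: "invalid input" });

// Values this role may submit for a field; options hidden from the role are excluded.
function allowedValues(field, role) {
  return Object.entries(FIELDS[field].options)
    .filter(([, roles]) => roles.includes(role))
    .map(([value]) => value);
}

// Validate a raw application/x-www-form-urlencoded body exactly as received.
function validateForm(rawBody, role) {
  const params = new URLSearchParams(rawBody);
  // Reject parameters the form never contained.
  for (const name of params.keys()) {
    if (!Object.prototype.hasOwnProperty.call(FIELDS, name)) return INVALID;
  }
  const clean = {};
  for (const [name, def] of Object.entries(FIELDS)) {
    const values = params.getAll(name);
    const allowed = allowedValues(name, role);
    const multi = def.type === "checkbox";
    // select/radio must arrive exactly once; checkboxes may be absent or repeated.
    if (!multi && values.length !== 1) return INVALID;
    if (new Set(values).size !== values.length) return INVALID;
    if (!values.every((v) => allowed.includes(v))) return INVALID;
    clean[name] = multi ? values : values[0];
  }
  return { ok: true, data: clean };
}

// Constructed request bodies: the untouched form, then the edited <select>.
console.log(validateForm("visibility=Public&plan=free&tags=news", "user"));
console.log(validateForm("visibility=Private&plan=free", "user"));
```

The check runs against what the server knows this user may choose, so it gives the same result whether the option was hidden with CSS, removed from the markup, or the request was sent without a browser at all.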
