My question is about user input that is received by an HTML form and is static (by 'static' I mean the information from things like select options, radio buttons, checkboxes). Should I do client-side verification on it, because I believe that a user can change the HTML code with tools like Firebug?
Example:
My code:

    <select>
      <option>Public</option>
      <option style="display: none">Private</option>
    </select>

User's modification:

    <select>
      <option>Public</option>
      <option selected>Private</option>
    </select>

Should I validate this input in JS or leave it for server-side verification? I know that the user can manipulate JS, so I do not see any point in doing this kind of verification in JS.
My reasoning:
- Since it is constant information, a simple (good) user will not mess with it, and there is no need to check it for this.
- If an evil user wants to mess with his code, he will hardly know how the HTML code is mixed, rather the JS code, so again: there is no need for client-side verification for static inputs.

So am I right, or should verification on the client side be absolutely complete?

PS: I'm only asking about the client side; I always do server-side verification as well, for all user input.
Always validate your input server side.

JavaScript is good for validating things because you can quickly tell the user that the input is wrong.

A clever user can bypass any JavaScript barrier because you can always make your own requests.

Look at it from a time-efficiency point of view. Always trying to give a useful error message is not worth the time spent trying to help a bad user. If the server thinks that the input is invalid, then you can reply with "invalid input". If your JavaScript validation is good, a regular user should never run into that error.
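The server-side check recommended in the answer above, as an added example that is not part of the original question or answer: it validates the submitted "static" fields against an allow-list computed on the server for the current user, and answers tampered input with a generic "invalid input". The field names (`visibility`, `notify`), the `canPostPrivate` flag and the option values are assumptions made for illustration.

```javascript
// Added example: server-side allow-list check for "static" form fields
// (select, radio, checkbox). Field names, the canPostPrivate flag and the
// option values are assumptions for illustration, not taken from the page.
const FIELDS = {
  // kind "one": exactly one value (select, radio group)
  visibility: {
    kind: "one",
    allowed: (user) => (user.canPostPrivate ? ["Public", "Private"] : ["Public"]),
  },
  // kind "many": zero or more distinct values (checkbox group)
  notify: { kind: "many", allowed: () => ["email", "sms"] },
};

// Validate an application/x-www-form-urlencoded body for `user`.
// Returns { ok: true, values } or { ok: false, error: "invalid input" }.
function validateForm(body, user) {
  const params = new URLSearchParams(body);
  const reject = { ok: false, error: "invalid input" }; // generic on purpose

  // A field the form never contained means the request was hand-built.
  for (const name of params.keys()) {
    if (!Object.prototype.hasOwnProperty.call(FIELDS, name)) return reject;
  }

  const values = {};
  for (const [name, spec] of Object.entries(FIELDS)) {
    const submitted = params.getAll(name);
    // The allow-list is computed on the server; what the browser rendered
    // (for example an option hidden with display:none) plays no part in it.
    const allowed = new Set(spec.allowed(user));
    if (!submitted.every((v) => allowed.has(v))) return reject;

    if (spec.kind === "one") {
      if (submitted.length !== 1) return reject; // missing or sent twice
      values[name] = submitted[0];
    } else {
      if (new Set(submitted).size !== submitted.length) return reject;
      values[name] = submitted;
    }
  }
  return { ok: true, values };
}
```
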