发表新帖
发表新帖

Is JavaScript validation bad?

后端 未结
关注
14 1646
栀梦
栀梦 2021-02-01 11:56

It has been long time since we have been validating our forms using JavaScript. I am sure this must be the case with most other developers.

Question:

What if the

相关标签:
14条回答
  • 渐次进展
    2021-02-01 12:21

    Using JavaScript is not wrong. We've been using it since a long time. It is used for applying client-side validations.

    Still, we should implement server-side validation so that a bad guy would not be able to break the application.

    0 讨论(0)
  • 你的背包
    2021-02-01 12:23

    If you learn only one thing from this topic, let it be this:

    Never — under any circumstances — trust data from the browser and always validate request data on the server-side.

    Should we ever use it now?

    Yes, definitely. You do not need to validate an empty field on the server side. It is not something like validating an email's availability (uniqueness of email). If you are going to reject that empty field anyway, there is no point of sending it to server and making server do extra work for it.

    0 讨论(0)
  • 情歌与酒
    2021-02-01 12:25

    What if the user (or probably a bad guy) disables javascript?

    As said before: Simply do not rely on the client. Never do so. Check everything on the server again.

    Should we ever use it now?

    Yes - so the user immediately sees what's wrong. Otherwise he had to post back the data first which may take a while. By the way you reduce traffic to your server.

    It's simply more inuitive.

    //EDIT: BTW: The ASP.NET ValidationRules contain both client-side and server validation as far as I know.

    0 讨论(0)
  • 没有蜡笔的小新
    2021-02-01 12:28

    Client-side (Javascript) validation is about usability, nothing else. If the cost of implementing is not worth the perceived increase in usability, then don't spend the time on it. These days it's pretty easy to do though!

    I don't think you can do without server-side validation, however, since this is the only thing that provides you with any security.

    0 讨论(0)
  • 滥情空心
    2021-02-01 12:29

    If you're looking to save time, go with server-side only. If you want better performance and user experience, add client-side validation afterward. Never rely on client-side validation, for the reasons you state. All critical validation should occur on the server ... even if duplicated on the client.

    0 讨论(0)
  • 小鲜肉
    2021-02-01 12:36

    JavaScript is useful for client side validation. But you cannot rely only on them. You must use server-side validation against the posted data. JavaScript just prevents unnecessary posts to the server.

    0 讨论(0)
 看不清?
提交回复
热议问题