RE: Opinions please

> I have a client who wishes to use JavaScript in a form for form
> verification prior to submit - it is important that all fields be filled
> out.  I have advised that all "Mission Critical" scripting MUST be
> server-side to ensure universal accessibility.  Their concern however is
> on server load - the form is part of a huge enterprise with potentially
> hundreds of thousands of "hits" daily.

Their fears are misplaced. Not only is form validation that relies on
client-side processing often inaccessible, it is almost always insecure,
since not only do you have to catch mistakes in your validation, but also
deliberately malformed data.

Being 0wned by every script-kiddie with nothing better to do will not help
their server load.

JavaScript can be used as a preliminary check, which will benefit both those
users who can use it - since it is generally easier to understand an
immediate message, especially if the focus is moved to the invalid item if
one doesn't have problems with understanding the alerts, and reduce server
load - by reducing the number of round-trips caused by invalid input, but it
is never a robust, secure or accessible validation method. In fact I'm wary
of using the term "validation" for such a mechanism at all.

Received on Friday, 12 July 2002 12:40:40 UTC
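
An added example, not part of the original message: a server-side check that enforces "all fields filled out" on every request, whether or not the browser ran any script, and that also rejects deliberately malformed input. The field names, limits and the `validateSubmission` helper are hypothetical; the parsed form body is assumed to arrive as a plain object.

```javascript
// Field rules are constructed for this example; the post names no fields.
const RULES = {
  name:    { max: 100, pattern: /^[\p{L} .'-]+$/u },
  email:   { max: 254, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  comment: { max: 2000 },
};
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Authoritative check, run on the server for every submission. A client-side
// script may apply the same RULES as a convenience, but only this result is
// trusted.
function validateSubmission(body) {
  const errors = Object.create(null); // no prototype, so hostile keys stay data
  const clean = {};
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    errors._form = 'malformed body';
    return { ok: false, errors, clean };
  }
  // Reject fields the form never offered instead of silently passing them on.
  for (const key of Object.keys(body)) {
    if (!own(RULES, key)) errors[key] = 'unexpected field';
  }
  for (const [field, rule] of Object.entries(RULES)) {
    const raw = own(body, field) ? body[field] : undefined;
    if (typeof raw !== 'string') {
      // Missing entirely, or an array/object produced by repeated parameters.
      errors[field] = raw === undefined ? 'required' : 'must be a single text value';
      continue;
    }
    const value = raw.trim();
    if (value === '') errors[field] = 'required'; // whitespace-only is empty
    else if (value.length > rule.max) errors[field] = 'too long';
    else if (rule.pattern && !rule.pattern.test(value)) errors[field] = 'invalid format';
    else clean[field] = value;
  }
  const ok = Object.keys(errors).length === 0;
  return { ok, errors, clean: ok ? clean : {} };
}
```
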