[whatwg] substantive comment on Web Forms 2.0, and suggestion

From: Ian Hickson <ian@hixie.ch>
Date: Sat, 10 Jul 2004 10:31:42 +0000 (UTC)
Message-ID: <Pine.LNX.4.58.0407101029350.26551@dhalsim.dreamhost.com>

On Wed, 7 Jul 2004, Andrew Hagen wrote:
> I think Web Forms 2.0 is great. The best part is that it builds on HTML
> forms. It makes it easier for a web designer to validate form input data
> for sanity and without lots of Javascript.

Glad you like it!

> Nothing would prevent a user with IE from finding such a form and
> entering data into the form with his browser. He can even submit the
> data with IE. This will give IE the ability to send bad data (not
> validated) to the server. To prevent the bad data, a separate program
> would be needed to validate the data on the server end.

You must _always_ validate on the server-side. It would always be possible
for people to send bogus data to the server, either maliciously, or in
error (e.g. if a browser had a bug, or, as you point out, if it doesn't
support Web Forms 2).

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Saturday, 10 July 2004 03:31:42 UTC
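
The point made in the reply above, as an added example that is not part of the original message: a server-side check that re-applies the kind of constraints a Web Forms 2.0 form declares (required, pattern, min, max), whatever the browser did or did not enforce. The schema, field names and `validate` function are constructed for illustration.

```python
import re

# Constructed schema: each field's rules mirror the declarative constraints a
# Web Forms 2.0 form might put on its controls (required, pattern, min, max).
SCHEMA = {
    "email":    {"required": True, "maxlength": 254,
                 "pattern": r"[^@\s]+@[^@\s]+\.[^@\s]+"},
    "quantity": {"required": True, "type": "number", "min": 1, "max": 99},
    "comment":  {"required": False, "maxlength": 500},
}


def validate(submitted, schema=SCHEMA):
    """Return (clean, errors) for a dict of raw submitted string values."""
    clean, errors = {}, {}
    # Fields the form never declared are rejected, not silently passed on.
    for name in submitted:
        if name not in schema:
            errors[name] = "unexpected field"
    for name, rule in schema.items():
        raw = submitted.get(name, "")
        if not isinstance(raw, str):
            errors[name] = "must be a single string value"
            continue
        value = raw.strip()
        if value == "":
            if rule.get("required"):
                errors[name] = "required"
            continue
        if len(value) > rule.get("maxlength", 1000):
            errors[name] = "too long"
            continue
        # fullmatch: the whole value must match, not just a substring of it.
        if "pattern" in rule and not re.fullmatch(rule["pattern"], value):
            errors[name] = "bad format"
            continue
        if rule.get("type") == "number":
            if not re.fullmatch(r"-?[0-9]+", value):
                errors[name] = "not an integer"
                continue
            value = int(value)
            if not rule["min"] <= value <= rule["max"]:
                errors[name] = "out of range"
                continue
        clean[name] = value
    return clean, errors
```

The server acts only on `clean` and only when `errors` is empty; client-side validation stays a convenience for the user, not a control.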