- From: Ian Hickson <ian@hixie.ch>
- Date: Sat, 10 Jul 2004 10:31:42 +0000 (UTC)
On Wed, 7 Jul 2004, Andrew Hagen wrote: > > I think Web Forms 2.0 is great. The best part is that it builds on HTML > forms. It makes it easier for a web designer to validate form input data > for sanity and without lots of Javascript. Glad you like it! > Nothing would prevent a user with IE from finding such a form and > entering data into the form with his browser. He can even submit the > data with IE. This will give IE the ability to send bad data (not > validated) to the server. To prevent the bad data,a separate program > would be needed to validate the data on the server end. You must _always_ validate on the server-side. It would always be possible for people to send bogus data to the server, either maliciously, or in error (e.g. if a browser had a bug, or, as you point out, if it doesn't support Web Forms 2). -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Saturday, 10 July 2004 03:31:42 UTC