- From: Ryan Johnson <ryan@kiwi3.com>
- Date: Mon, 28 Jun 2004 21:22:11 -0700
I have to agree whole heartedly. It's a good idea, but will only lead to repetition by web developers. For even the simplest tasks, I always do server-side verification of the type and validity of the data. I say, let javascript or something else take care of client side verification *if* someone wants it as a first pass. Cluttering the language with a long list of other non-vital capabilities will lead to a fragmented implimentation of said language by the various browser makers leading us back to the present day mess of "maybe it'll work in browser X, maybe it won't". - Ryan On Jun 28, 2004, at 9:08 PM, Jason Lustig wrote: > Hi y'all > > I just recently read through the Web Forms 2.0 spec draft. I must say, > it looks awesome, very exciting from the POV of a web app developer > (i.e. me), and it would definitely make writing web apps SO much > easier with these extensions. > > However - I am a believer that client-side form vefification - while a > nice trick that will take care of most users - never will work with > real-world, open (i.e. anyone can access them) web apps, like > BBSes/forums/blogs. > > The reason is this: if the only verification going on is on the client > side, while it sure makes it easier for the developer, if a hacker > simply used a user-agent that didn't verify data integrity (they > wouldn't necessarily have to write a new one from scratch either - > like, say, they could hack mozilla to take out the verification code), > they could send in garbage and mess up the database. > > Oops! There goes all the data... > > --Jason > >
Received on Monday, 28 June 2004 21:22:11 UTC