- From: Max Romantschuk <max@provico.fi>
- Date: Tue, 29 Jun 2004 07:55:16 +0300
Jason Lustig wrote: > However - I am a believer that client-side form vefification - while a > nice trick that will take care of most users - never will work with > real-world, open (i.e. anyone can access them) web apps, like > BBSes/forums/blogs. At the end of section 2.1, right before section 2.1.1 reads the following: "Servers should still perform type-checking on submitted data, as malicious users or rogue user agents might submit data intended to bypass this client-side type-checking. Validation done via script may also be easily bypassed if the user has disabled scripting. Additionally, legacy user agents do not support the validation features described in this specification and will therefore submit data that has not been checked." Your point is valid, but client-side checking is a valuable tool. A properly coded app will work fine despite malicious users, but users who do play by the rules and have a compliant user agent will see a huge boost in application responsiveness, as the amount of HTTP requests required for a complex form will be reduced dramatically. .max PS. New to the list. Hi everyone :) -- Max Romantschuk http://max.nma.fi/
Received on Monday, 28 June 2004 21:55:16 UTC