- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 30 Jun 2004 14:25:33 +0000 (UTC)
On Tue, 29 Jun 2004, Jason Lustig wrote:
>
> I just recently read through the Web Forms 2.0 spec draft. I must say,
> it looks awesome, very exciting from the POV of a web app developer
> (i.e. me), and it would definitely make writing web apps SO much easier
> with these extensions.
>
> However - I am a believer that client-side form verification - while a
> nice trick that will take care of most users - never will work with
> real-world, open (i.e. anyone can access them) web apps, like
> BBSes/forums/blogs.

Indeed. As the spec says:

# Servers should still perform type-checking on submitted data, as
# malicious users or rogue user agents might submit data intended to
# bypass this client-side type-checking. Validation done via script may
# also be easily bypassed if the user has disabled scripting.
# Additionally, legacy user agents do not support the validation features
# described in this specification and will therefore submit data that has
# not been checked.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 30 June 2004 07:25:33 UTC
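
The server-side re-check that the quoted spec text calls for, as an added example (not part of the original message or of the Web Forms 2.0 draft): the server restates the constraints the form declares and applies them to every submission, whether or not the client validated. The schema, field names and `validate` helper are hypothetical.

```python
import re
from datetime import date

# Hypothetical schema: the constraints the form declares client-side,
# restated on the server. Field names are constructed for this example.
SCHEMA = {
    "email":    {"type": "email",  "required": True},
    "quantity": {"type": "number", "required": True, "min": 1, "max": 10},
    "delivery": {"type": "date",   "required": False},
    "username": {"type": "text",   "required": True, "pattern": r"[a-z0-9_]{3,16}"},
}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")  # deliberately simple shape check

def validate(submitted):
    """Return (clean, errors) for a dict of raw string form values."""
    clean, errors = {}, {}
    # Reject fields the form never declared instead of silently storing them.
    for name in submitted.keys() - SCHEMA.keys():
        errors[name] = "unexpected field"
    for name, rule in SCHEMA.items():
        raw = submitted.get(name, "").strip()
        if raw == "":
            if rule["required"]:
                errors[name] = "required"
            continue
        value = raw
        try:
            if rule["type"] == "number":
                # ASCII digits only: int() alone would also accept "1_0".
                if not re.fullmatch(r"-?[0-9]+", raw):
                    raise ValueError("not an integer")
                value = int(raw)
                if not rule["min"] <= value <= rule["max"]:
                    raise ValueError("out of range")
            elif rule["type"] == "date":
                value = date.fromisoformat(raw)
            elif rule["type"] == "email":
                if not EMAIL_RE.fullmatch(raw):
                    raise ValueError("not an e-mail address")
            elif not re.fullmatch(rule["pattern"], raw):
                raise ValueError("pattern mismatch")
        except ValueError as exc:
            errors[name] = str(exc)
        else:
            clean[name] = value
    return clean, errors
```

Only the values in `clean` should reach storage or business logic; a non-empty `errors` means the submission did not pass the checks a conforming user agent would have applied.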