- From: Jon Hanna <jon@spin.ie>
- Date: Fri, 12 Jul 2002 17:40:31 +0100
- To: "W3c-Wai-Ig" <w3c-wai-ig@w3.org>
> I have a client who wishes to use JavaScript in a form for form > verification > prior to submit - it is important that all fields be filled out. I have > advised that all "Mission Critical" scripting MUST be server-side > to ensure > universal accessibility. Their concern however is on server load > - the form > is part of a huge enterprise with potentially hundreds of thousands of > "hits" daily. Their fears are misplaced. Not only is form validation that relies on client-side processing often inaccessible, it is almost always insecure, since not only do you have to catch mistakes in your validation, but also deliberately mal-formed data. Being 0wned by every script-kiddie with nothing better to do will not help their server load. Javascript can be used as a preliminary check; which will benefit both those users who can use it - since it is generally easier to understand an immediate message, especially if the focus is moved to the invalid item if one doesn't have problems with understanding the alerts, and reduce server load - by reducing the number of round-trips caused by invalid input, but it is never a robust, secure or accessible validation method. In fact I'm weary of using the term "validation" for such a mechanism at all.
Received on Friday, 12 July 2002 12:40:40 UTC