- From: Jim Ley <jim@jibbering.com>
- Date: Fri, 12 Jul 2002 16:42:30 -0000
- To: "W3c-Wai-Ig" <w3c-wai-ig@w3.org>, "WebAIM forum" <webaim@mailservice.cpd.usu.edu>
"John Foliot - bytown internet" <foliot@bytowninternet.com> > I have a client who wishes to use JavaScript in a form for form verification > prior to submit - it is important that all fields be filled out. I have > advised that all "Mission Critical" scripting MUST be server-side to ensure > universal accessibility. Their concern however is on server load - the form > is part of a huge enterprise with potentially hundreds of thousands of > "hits" daily. The question was then posed - could they use JavaScript as > the primary means of form verification, with a server side redundant back-up > for user agents which do not support client side scripting? Of course, this is the completely normal behaviour in the majority of form validation done on the web today, it's only where the javascript has been authored so it is not possible to submit the form without javascript do you have an accessibility problem related to this (although informing users of the error may be an accessibility problem in itself - I find modal javascript alerts a problem for example.) > My first instinct is to say probably yes, citing the W3C WCAG Guideline > 11.4: "If, after best efforts, you cannot create an accessible page, provide > a link to an alternative page that uses W3C technologies, This surely isn't relevant - you're not proposing to use 2 different pages for this are you? <form onsubmit="return validation()"> </form> Now, as long as you ensure that the validation function cannot cause a runtime error, and can return true, you should have no problems, you _MUST_ validate all content on the server regardless of anything else, simple security/data integrity tells you that since you cannot know what is happening - of course you still save server load as in general you're only getting valid data. > Does anybody see any holes here? Not being a server guy, I'm not sure how > they could actually accomplish this (how would the server-side checker know > when _not_ to check without first running?) It must check everything always, you'd be a fool to do anything else, but that's not an accessibility issue. Jim.
Received on Friday, 12 July 2002 12:49:29 UTC