Re: Opinions please from Jim Ley on 2002-07-12 (w3c-wai-ig@w3.org from July to September 2002)

From: Jim Ley <jim@jibbering.com>
Date: Fri, 12 Jul 2002 16:42:30 -0000
To: "W3c-Wai-Ig" <w3c-wai-ig@w3.org>, "WebAIM forum" <webaim@mailservice.cpd.usu.edu>
Message-ID: <003301c229c3$1df2ad00$ca969dc3@emedia.co.uk>

"John Foliot - bytown internet" <foliot@bytowninternet.com>

> I have a client who wishes to use JavaScript in a form for form
verification
> prior to submit - it is important that all fields be filled out.  I
have
> advised that all "Mission Critical" scripting MUST be server-side to
ensure
> universal accessibility.  Their concern however is on server load - the
form
> is part of a huge enterprise with potentially hundreds of thousands of
> "hits" daily.  The question was then posed - could they use JavaScript
as
> the primary means of form verification, with a server side redundant
back-up
> for user agents which do not support client side scripting?

Of course, this is the completely normal behaviour in the majority of
form validation done on the web today, it's only where the javascript has
been authored so it is not possible to submit the form without javascript
do you have an accessibility problem related to this (although informing
users of the error may be an accessibility problem in itself - I find
modal javascript alerts a problem for example.)

> My first instinct is to say probably yes, citing the W3C WCAG Guideline
> 11.4: "If, after best efforts, you cannot create an accessible page,
provide
> a link to an alternative page that uses W3C technologies,

This surely isn't relevant - you're not proposing to use 2 different
pages for this are you?

<form onsubmit="return validation()">

</form>

Now, as long as you ensure that the validation function cannot cause a
runtime error, and can return true, you should have no problems, you
_MUST_ validate all content on the server regardless of anything else,
simple security/data integrity tells you that since you cannot know what
is happening - of course you still save server load as in general you're
only getting valid data.

> Does anybody see any holes here?  Not being a server guy, I'm not sure
how
> they could actually accomplish this (how would the server-side checker
know
> when _not_ to check without first running?)

It must check everything always, you'd be a fool to do anything else, but
that's not an accessibility issue.

Jim.

Received on Friday, 12 July 2002 12:49:29 UTC