- From: Ian Hickson <py8ieh@bath.ac.uk>
- Date: Sat, 22 Jan 2000 22:44:10 +0000 (GMT)
- To: Thomas Ashe <Thomas.Ashe@blackbaud.com>
- cc: "'www-style'" <www-style@w3.org>
On Sat, 22 Jan 2000, Thomas Ashe wrote:
>
> For those of use developing web applications, I must ask how a user
> can use the display property safely.
>
> For example, say I serve a page that displays or hides elements
> using 'display', turning them on or off as the user makes choices on
> the page.
Alarm bells immediately start ringing. Stylesheets should *never* be
used in cases where they are mandatory -- users can turn them off, can
turn off scripting, can override stylesheets, can use text browsers,
and perform any number of other atrocities to your pages.
Remember: a stylesheet is only a set of *hints*. Nothing more.
> If the user adds:
> * {display:inline ! important; visibility:visible !important}
...then he will see all the fields, as he probably intended.
> Any scripts that perform validation are suddenly no longer able to
> rely on the fact that elements are only displayed when appropriate.
Client-side scripts should not be used for validation. You have
absolutely no guarantee that client-side scripts will run, or how they
will run. Validation could be done client-side as a help to the user
to make sure that his data makes sense, but in the end the server must
ALWAYS validate the data itself.
If a page relies on stylesheets and/or scripting to be usable, then it
is clearly not using techniques for graceful degradation. Have you
checked the relevant pages on Lynx?
--
Ian Hickson ("`-''-/").___..--''"`-._
http://www.bath.ac.uk/%7Epy8ieh/ `6_ 6 ) `-. ( ).`-.__.`)
(_Y_.)' ._ ) `._ `. ``-..-' fL
Member, Mozilla Quality Assurance _..`--'_..-_/ /--'_.' ,'
Browser Standards Compliance Team (il).-'' (li).' ((!.-'
Received on Saturday, 22 January 2000 17:44:22 UTC