Hi,
It has been long time since we have been validating our forms using javascript. I am sure this must be the case with most other developers.
Question:
What if the user (or probably a bad guy) disables javascript?
You are lost !!
Is javascript validation worth of it?
Should we ever use it now?
Are there any solutions to this?
Correct me if I am wrong.
Thanks
Is javascript validation worth of it?
Yes, as it provides better user experience and preserves bandwidth
Should we ever use it now?
Yes for the aforementioned reasons
Are there any solutions to this?
Yes: Use server side validation as well
Using java script is not wrong. We've been using it since a long time. It is used for applying client side validations.
Still we should implement server side validations so that a BAD GUY would not be able to break the application.
What if the user (or probably a bad guy) disables javascript?
As said before: Simply do not rely on the client. Never do so. Check everything on the server again.
Should we ever use it now?
Yes - so the user immediately sees what's wrong. Otherwise he had to post back the data first which may take a while. By the way you reduce traffic to your server.
It's simply more inuitive.
//EDIT: BTW: The ASP.NET ValidationRules contain both client-side and server validation as far as I know.
Client-side (Javascript) validation is about usability, nothing else. If the cost of implementing is not worth the perceived increase in usability, then don't spend the time on it. These days it's pretty easy to do though!
I don't think you can do without server-side validation, however, since this is the only thing that provides you with any security.
If you're looking to save time, go with server-side only. If you want better performance and user experience, add client-side validation afterward. Never rely on client-side validation, for the reasons you state. All critical validation should occur on the server ... even if duplicated on the client.
Javascript validation is good because it provides a better user experience.
You should however never rely on it and should validate on the server regardless.
In a multi-tiered / service orientated environment validation should exist on multiple levels to allow for better reuse while still maintaining a secure application. Validation on the client side, whether in a desktop app, or web site/application should be there for a better user experience to prevent postbacks to the server everytime for validation, hence costing more bandwidth and user time. If client-side validation cannot be moved entirely to the front end then consider using ajax for a partial postback to a server side validation routine, while retaining a better customer experience but allowing a programmer to maintain the validation rules centrally.
Second to the client side, but more importantly, server side code should validate the data before persisting it via a data layer or passing it to another server side method/service, to employ business rules around the data and help prevent errors in data integrity. Lastly, the persistence layer itself (the immediate interface to the database or other storage mechanism) should validate the data being stored, again to prevent errors in data integrity and possibly further business rules. The last thing you want is a data store with useless data.
Employing this method will keep you data secure and integrity in line. On reuse of either you persistence layer, your data layer or your front-end presentation thereafter, in your own site (or via a web service, desktop application or mobile app), if designed properly, these validation routines are already in place and can be re-employed. This should prove to be of great benefit to you alone, and your colleagues and your management, if you happen work in a team.
javascripts are useful for client side validation. But you cannor rely only on them. You must use server side validation against the posted data. Javascript just prevents unnecessary posts to the server.