My name is Pascal Lamers, I am 30 years old and I am from Austria - and still live in Austria. Approx. 4 years ago I started to actively learn code and it was one of the best decisions of my life!
Note: the name and password length validation can be done with HTML alone. No need for JavaScript. See the minlength attribute.
Good point - but I'd like to think that this is also for server side validation. My rule of thumb: validate on the frontend for comfort, validate on the server for security.
My thought exactly.
HTML and JavaScript validation can be bypassed easily using the Developer Tools. If you plan on sending any data from the frontend to the server-side, you have to perform layered validation.
With the HTML, then the JavaScript, and finally the server-side. If they get past the first two, unless there is a hole in the server-side validation, they are not getting past that.
Better still, use a whitelist and deny any input that is not on this list.
Frontend form validation is not done for security, it's for user experience.
Backend validation is security; ideally, frontend validation should be so good that non-malign users will mostly never hit those backend validation errors.
IMHO frontend and backend validations serve completely different purposes and cannot directly be compared.
Frontend form validation is a mixture of good user experience with security in mind.
Respectfully, frontend validation has absolutely zero to do with security.
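
The server-side layer discussed in the comments above, as an added example that is not code from the post or from any commenter: a validator that re-checks name and password length and rejects anything not on an allowlist, whatever the browser did or did not enforce. The field names, length limits, `plan` values and the `validateSignup` function are assumptions made for illustration.

```javascript
// Added example: server-side re-validation of a signup body.
// Field names, limits and allowed values are assumptions, not taken from the post.
const RULES = {
  name:     { min: 3, max: 50, pattern: /^[\p{L}\p{N} _.'-]+$/u },
  password: { min: 8, max: 128, pattern: null },
  plan:     { allowed: new Set(["free", "pro"]) }, // closed set of values
};

function validateSignup(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, errors: ["body must be a JSON object"], value: null };
  }
  const errors = [];
  // Allowlist of field names: anything the form does not define is rejected.
  for (const key of Object.keys(body)) {
    if (!Object.prototype.hasOwnProperty.call(RULES, key)) {
      errors.push(`unexpected field: ${key}`);
    }
  }
  const value = {};
  for (const [field, rule] of Object.entries(RULES)) {
    const v = body[field];
    // The type check comes first: length checks on arrays or objects mislead.
    if (typeof v !== "string") {
      errors.push(`${field}: must be a string`);
      continue;
    }
    if (rule.allowed) {
      if (!rule.allowed.has(v)) errors.push(`${field}: not an allowed value`);
    } else {
      const len = [...v].length; // length in code points
      if (len < rule.min || len > rule.max) {
        errors.push(`${field}: length must be ${rule.min}-${rule.max}`);
      }
      if (rule.pattern && !rule.pattern.test(v)) {
        errors.push(`${field}: contains characters that are not allowed`);
      }
    }
    value[field] = v;
  }
  return errors.length
    ? { ok: false, errors, value: null }
    : { ok: true, errors, value };
}

// Constructed sample bodies: one as the form would send it, one that never
// went through the form's minlength or script checks.
const fromForm = { name: "Pascal", password: "correct horse", plan: "free" };
const notFromForm = { name: "Al", password: "123", plan: "pro", role: "admin" };
console.log(validateSignup(fromForm).ok, validateSignup(notFromForm).errors);
```

Only the returned `value` object, which contains allowlisted fields and nothing else, should be passed on to the rest of the application.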