Similarly, any JS-only validation can be bypassed (breakpoints, changing values etc.)
Far too many sites these days forget this. I've lost count of the number of forms I've 'fooled' into letting me continue as all the validation is done client-side. I've even seen 'server-side' validation fail as the result of a server-side check whose result was being checked on the client-side - something like this:
constformIsValid=validateFormServerSide()// make a breakpoint here, change formIsValid to true ...// Voila! 'server-side' validation bypassedif(formIsValid){// Do stuff}
All the in-built stuff can be called with JS. You just need to augment it a little for cases like this - not re-invent the wheel
When a user use inspect element and change the pattern or and the type the build in validation would result in a false isValid
Similarly, any JS-only validation can be bypassed (breakpoints, changing values etc.)
Far too many sites these days forget this. I've lost count of the number of forms I've 'fooled' into letting me continue as all the validation is done client-side. I've even seen 'server-side' validation fail as the result of a server-side check whose result was being checked on the client-side - something like this:
True submitting a form needs also to be validate on server side.