DEV Community

loading...

Discussion on: Tips For Validating HTML Form Inputs

lawrencejohnson profile image
Lawrence • Edited

I wouldn't bother sending an AJAX request on every field either, but it depends on the complexity of the form and how it was designed. In most real world examples, if you care about data integrity, HTML5 validation is a giant pain for testing since you need to edit the markup to disable it. If you are doing unit testing, could skip manual testing without the client-side validation, but most websites are not configured for unit testing and just as many devs have no idea what that even is.

Personally, I like to do a combination of light client-side and full server-side validation. Javascript will do things like highlight an empty field that is required on blur, but ultimately all validation and messaging is handled in AJAX requests on submit. Again, it depends on the form, but in 20+ years and hundreds of form implementations, I've completely discarded use of HTML5 validation. I was on board when it first came out years ago, but dropped it within a year of applied use. Once you start working with WAS or understand how malicious users attack form handlers, you'll realize that the convenience is not that convenient.

Thread Thread
nedyudombat profile image
Nedy Udombat Author

Great, I think I understand you better now, but this sounds more of a matter preference.

Thread Thread
lawrencejohnson profile image
Lawrence

There is almost always a matter of preference involved in how you approach technology problems; my only goal from the original comment was to point out to unsuspecting visitors that HTML5 validation, by itself, will not prevent abuse.

Thread Thread
nedyudombat profile image
Nedy Udombat Author • Edited

True, and the essence of this article was to show tips on how to use HTML to validate the type of data being sent to the server.