Hello Nedy, nice article! I'm sure people that are just getting into html5 features will find it extremely useful!
However, i'd like to point out a misconception on your very first sentence "Form Validation is something we all have to do on daily basis on the frontend because we want to ensure the validity of the data sent to the backend." as i think it may mislead newcomers.
As others have said, you absolutely cannot enforce validation on something the user owns ( browser in this case ), because there are plenty of ways of getting around: disable javascript, edit inputs with devtools, make raw post requests ( if these methods sound too technical for a normal user, think about a simple javascript error on a legacy browser you didn't even need to support ).
Security and validity should always be enforced by something the user has no access to: the server.
So why even bother validating user input on the frontend?
The answer is user experience.
If you run on the client the same checks that the server runs, in 99% of the cases you will catch errors before the request is sent, or better, before the user even finishes typing. This way, you will reach the number one goal for the user: to not waste time!
Thank you @matteorigon
, reading back now, I see the perspective of which this would sound to a newcomer. The essence of this is to improve user experience and also reduce the amount of calls made to server in order to validate the data sent.
Like I also replied in other comments, I did not write this to take away the essence and important of server-side security and validation.
That said, I will update this to clearly reflect my thoughts.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hello Nedy, nice article! I'm sure people that are just getting into html5 features will find it extremely useful!
However, i'd like to point out a misconception on your very first sentence "Form Validation is something we all have to do on daily basis on the frontend because we want to ensure the validity of the data sent to the backend." as i think it may mislead newcomers.
As others have said, you absolutely cannot enforce validation on something the user owns ( browser in this case ), because there are plenty of ways of getting around: disable javascript, edit inputs with devtools, make raw post requests ( if these methods sound too technical for a normal user, think about a simple javascript error on a legacy browser you didn't even need to support ).
Security and validity should always be enforced by something the user has no access to: the server.
So why even bother validating user input on the frontend?
The answer is user experience.
If you run on the client the same checks that the server runs, in 99% of the cases you will catch errors before the request is sent, or better, before the user even finishes typing. This way, you will reach the number one goal for the user: to not waste time!
Thank you @matteorigon , reading back now, I see the perspective of which this would sound to a newcomer. The essence of this is to improve user experience and also reduce the amount of calls made to server in order to validate the data sent.
Like I also replied in other comments, I did not write this to take away the essence and important of server-side security and validation.
That said, I will update this to clearly reflect my thoughts.