HTML and JavaScript validation can be bypassed easily using the Developer Tools. If you plan on sending any data from the frontend to the server-side, you have to perform layered validation: with the HTML, then the JavaScript, and finally the server-side. If they get past the first two, unless there is a hole in the server-side validation, they are not getting past that.
Better still, use a whitelist and deny any input that is not on this list.
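
The server-side layer with a deny-by-default list, as an added example that is not part of the original thread: it validates a parsed JSON body without assuming any HTML or JavaScript check ran in the browser. The field names, the rules and the `validateSubmission` function are constructed for illustration.

```javascript
'use strict';

// Constructed allowlist: every accepted field and the exact shape it may take.
// Anything not described here is rejected (deny by default).
const RULES = {
  username: (v) => typeof v === 'string' && /^[a-z0-9_]{3,20}$/.test(v),
  country: (v) => ['DE', 'FR', 'US'].includes(v),
  age: (v) => Number.isInteger(v) && v >= 13 && v <= 120,
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Validates a parsed request body. Returns { ok, errors, value }, where
// value holds only allowlisted fields and is null on any failure.
function validateSubmission(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be an object'], value: null };
  }
  const errors = [];
  // Reject fields the form never offered (e.g. added by editing the request).
  for (const key of Object.keys(body)) {
    if (!has(RULES, key)) errors.push(`unexpected field: ${key}`);
  }
  // Check every required field against its rule; copy only what passes.
  const value = {};
  for (const key of Object.keys(RULES)) {
    if (!has(body, key)) errors.push(`missing field: ${key}`);
    else if (!RULES[key](body[key])) errors.push(`invalid value for: ${key}`);
    else value[key] = body[key];
  }
  return errors.length > 0
    ? { ok: false, errors, value: null }
    : { ok: true, errors, value };
}

// Constructed request bodies: one a normal form would send, one edited
// after the client-side checks were skipped.
const normal = JSON.parse('{"username":"alice_01","country":"DE","age":30}');
const edited = JSON.parse('{"username":"alice_01","country":"XX","age":"30","isAdmin":true}');
console.log(validateSubmission(normal));
console.log(validateSubmission(edited));
```
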
Frontend form validation is not done for security, it's for user experience.
Backend validation is security; ideally, frontend validation should be so good that non-malign users will mostly never hit those backend validation errors.
IMHO, frontend and backend validations serve completely different purposes and cannot directly be compared.
Frontend form validation is a mixture of good user experience with security in mind.
Respectfully, frontend validation has absolutely zero to do with security.