I have a lengthy form which heavily uses client-side validation (written in jQuery). To prevent users with disabled JavaScript submitting the form, I have included a hidden field which is populated with "javascript_enabled" value by jQuery. If JS is disabled in the browser, then the filed is left blank and the form will not be submitted.
The question is - is this enough and I should feel safe, or do I have to include a server side validation for every field too?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
