forms - Is my JavaScript validating enough?

Question

I have a question concerning validating data from a form submitted using AJAX (doesn't really matter).

I am validating it using jQuery, usually three things:

• Is there any data in the field?
• Is the length of the data (and the kind of data) correct?
• Does the data match the regex (no strange XSS characters etc.)

My question: How much of the validation do I need to repeat serverside? Can users execute JS and/or change my HTML in a way that any hazardous code will be submitted into my backend?

Answer 1

Never rely on JavaScript and client-side validation. Simply because a user can very easily disable or circumvent your client-side validations.

Any user input should treated invalid until validated on the server side.

Client-side validations should be considered as a "nice to have" feature, to increase the UX value of your application (it allows users to detect errors sooner, not having to refill the form). But that's all it is. It's not an alternative to solid server-side validation.