Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
552 views
in Technique[技术] by (71.8m points)

forms - Is my JavaScript validating enough?

I have a question concerning validating data from a form submitted using AJAX (doesn't really matter).

I am validating it using jQuery, usually three things:

  • Is there any data in the field?
  • Is the length of the data (and the kind of data) correct?
  • Does the data match the regex (no strange XSS characters etc.)

My question: How much of the validation do I need to repeat serverside? Can users execute JS and/or change my HTML in a way that any hazardous code will be submitted into my backend?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Never rely on JavaScript and client-side validation. Simply because a user can very easily disable or circumvent your client-side validations.

Any user input should treated invalid until validated on the server side.

Client-side validations should be considered as a "nice to have" feature, to increase the UX value of your application (it allows users to detect errors sooner, not having to refill the form). But that's all it is. It's not an alternative to solid server-side validation.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...