[whatwg] substantive comment on Web Forms 2.0, and suggestion

Ian Hickson ian at hixie.ch
Sat Jul 10 03:31:42 PDT 2004


On Wed, 7 Jul 2004, Andrew Hagen wrote:
>
> I think Web Forms 2.0 is great. The best part is that it builds on HTML
> forms. It makes it easier for a web designer to validate form input data
> for sanity and without lots of Javascript.

Glad you like it!


> Nothing would prevent a user with IE from finding such a form and
> entering data into the form with his browser. He can even submit the
> data with IE. This will give IE the ability to send bad data (not
> validated) to the server. To prevent the bad data,a separate program
> would be needed to validate the data on the server end.

You must _always_ validate on the server-side. It would always be possible
for people to send bogus data to the server, either maliciously, or in
error (e.g. if a browser had a bug, or, as you point out, if it doesn't
support Web Forms 2).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'



More information about the whatwg mailing list