[whatwg] substantive comment on Web Forms 2.0, and suggestion
Ian Hickson
ian at hixie.ch
Sat Jul 10 03:31:42 PDT 2004
On Wed, 7 Jul 2004, Andrew Hagen wrote:
>
> I think Web Forms 2.0 is great. The best part is that it builds on HTML
> forms. It makes it easier for a web designer to validate form input data
> for sanity and without lots of Javascript.
Glad you like it!
> Nothing would prevent a user with IE from finding such a form and
> entering data into the form with his browser. He can even submit the
> data with IE. This will give IE the ability to send bad data (not
> validated) to the server. To prevent the bad data,a separate program
> would be needed to validate the data on the server end.
You must _always_ validate on the server-side. It would always be possible
for people to send bogus data to the server, either maliciously, or in
error (e.g. if a browser had a bug, or, as you point out, if it doesn't
support Web Forms 2).
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list