[whatwg] [Input type=submit] "Disable" after submitting

Kornel kornel at geekhood.net
Tue Jan 26 07:22:42 PST 2010


On 26 Jan 2010, at 14:34, Aaron Bassett wrote:
>
> Ensuring that your server-side form handler can detect and properly
> deal with multiple submissions?
>
> Client-side validation should only ever supplement server-side
> validation, never replace it. The reason for client-side validation is
> to improve the user experience, it allows for common data entry
> problems to be detected and the user notified without a round trip to
> the server. IMHO disabling the submit button does not add anything to
> the user's experience, so there is no reason to do it. Unless you are
> too lazy to have proper server-side validation? ;)


I agree that in cases when it's important that duplicate submissions  
are stopped (placing orders, etc.), there must be server-side  
protection.

However it's not always essential (e.g. for idempotent actions or in  
chat applications) and in these cases authors may be OK with weak  
protection.

There are benefits of client-side prevention regardless of server-side  
validation:

- if form is large (long wiki page or file upload), it saves time and  
bandwidth.
- if client-side handles most cases, then server-side check for  
duplicate submission becomes mainly a fallback and security measure,  
and doesn't need to be as user-friendly (i.e. it would suffice if it  
replied with error instead of having to silently redirect to previous  
submission's result). This simplifies server-side implementation.

-- 
regards, Kornel



More information about the whatwg mailing list