[whatwg] including <output> in form submissions
Bjartur Thorlacius
svartman95 at gmail.com
Fri Feb 24 01:30:21 PST 2012
On Feb 24, 2012, at 12:18 AM, Michael Gratton wrote:
>> But in general, I recommend against this. Anything that can be
>> computed should be computed on the server to obtain the canonical
>> value, otherwise you open yourself up to attackers sending you
>> inconsistent data.
>
> While for applications where trust is an issue one clearly needs to
> check calculations server-side. When it is not, however, this would
> be a welcome addition.
The principle of least authority applies. In general, neither the
client nor the link he communicates over should be trusted
unnecessarily.
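
An added example, not part of the original message: a server-side handler for a form whose <output name="total"> is included in the submission. It recomputes the canonical total from a server-held price list and uses the submitted value only to detect inconsistent data. The field names, the price list and the function names are all hypothetical.

```javascript
// Server-side price list in integer cents (constructed sample data).
const PRICES = new Map([["widget", 1250], ["gadget", 399]]);

// Strictly parse a decimal amount such as "25.00" into cents; NaN if malformed.
function toCents(text) {
  const m = /^([0-9]{1,7})\.([0-9]{2})$/.exec(text);
  return m ? Number(m[1]) * 100 + Number(m[2]) : NaN;
}

// Validate the inputs the server needs; the client's total is carried along
// as an untrusted claim, never as the value to act on.
function parseOrder(body) {
  const form = new URLSearchParams(body);
  const item = form.get("item");
  const qtyRaw = form.get("qty") ?? "";
  if (!PRICES.has(item)) throw new Error("unknown item");
  if (!/^[0-9]{1,4}$/.test(qtyRaw)) throw new Error("invalid quantity");
  const qty = Number(qtyRaw);
  if (qty < 1) throw new Error("invalid quantity");
  return { item, qty, claimedTotal: form.get("total") };
}

// Recompute the canonical total on the server. A submitted total that is
// malformed or differs from the recomputed one marks the request inconsistent.
function handleOrder(body) {
  const { item, qty, claimedTotal } = parseOrder(body);
  const total = PRICES.get(item) * qty; // canonical value, in cents
  const claimed = claimedTotal === null ? null : toCents(claimedTotal);
  const consistent = claimed === null || claimed === total;
  return { item, qty, total, consistent };
}
```

The caller charges `total` in every case and can log or reject requests where `consistent` is false.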