[whatwg] including <output> in form submissions

Bjartur Thorlacius svartman95 at gmail.com
Fri Feb 24 01:30:21 PST 2012

On Feb 24, 2012, at 12:18 AM, Michael Gratton wrote:

>> But in general, I recommend against this. Anything that can be  
>> computed
>> should be computed on the server to obtain the canonical value,  
>> otherwise
>> you open yourself up to attackers sending you inconsistent data.
> While for applications where trust is an issue one clearly needs to
> check calculations server-side. When it is not however, this would  
> be a
> welcome addition.
The principle of least authority applies. In general, neither the  
client nor the link he communicates over should not be trusted  

More information about the whatwg mailing list