[whatwg] including <output> in form submissions
svartman95 at gmail.com
Fri Feb 24 01:30:21 PST 2012
On Feb 24, 2012, at 12:18 AM, Michael Gratton wrote:
>> But in general, I recommend against this. Anything that can be
>> should be computed on the server to obtain the canonical value,
>> you open yourself up to attackers sending you inconsistent data.
> While for applications where trust is an issue one clearly needs to
> check calculations server-side. When it is not however, this would
> be a
> welcome addition.
The principle of least authority applies. In general, neither the
client nor the link he communicates over should not be trusted
More information about the whatwg