
Validate forms on both sides or only in the server side?

I have a question about form validation in JS. I know that most of the inputs of an app must be validated on the server side, but if you also do it on the client side, you will avoid unnecessary requests to the server.

On the other hand, the logic of your data validation will be exposed in your client code (in my opinion there will be more chance to bypass the app security), and also, there will be code repetition (on the server and client) and a double check if all is correct, which is not the best for performance.

Is there any standard? Until now, I have been doing all this stuff in the backend, but I am a little curious about this.

I would really appreciate the suggestion (list of pros and cons, if necessary) of an experienced programmer.

Thank you.

Victor Molina asked Sep 24 '20 10:09



1 Answer

Cybercreeps can attack your server-side applications with maliciously crafted requests. They don't have to use your client-side code to do this; instead, they can hack together their own client-side scripts. Therefore, your server code MUST do all validation necessary to protect your application against attack. It CANNOT rely on client-side validation for security and integrity.

Your client-side application can also validate its inputs. For example, it can warn the user if they put their given name into a date field, or make other similar mistakes. You do this as a courtesy to your user, to make your app easier to use.

O. Jones answered Oct 01 '22 15:10
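The split the answer describes, as an added example that is not part of the original post: one rule set that the browser can run as a courtesy and that the server runs again as the authoritative check, so the rules are written once. The field names, length limits and status codes are assumptions made for illustration.

```javascript
// Hypothetical signup form; field names and limits are assumptions.
const RULES = {
  givenName: { max: 50, pattern: /^\p{L}[\p{L}\p{M}' -]*$/u },
  birthDate: { max: 10, pattern: /^\d{4}-\d{2}-\d{2}$/, check: isRealDate },
  email: { max: 254, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
};

// Rejects well-formed but impossible dates such as 2021-02-31.
function isRealDate(s) {
  const d = new Date(s + "T00:00:00Z");
  return !Number.isNaN(d.getTime()) && d.toISOString().slice(0, 10) === s;
}

// Pure function: the browser can call it for instant feedback, and the
// server calls it again as the authoritative check.
function validate(input) {
  const errors = []; // array, so a hostile key like "__proto__" cannot vanish
  const value = {};  // only allow-listed, validated fields are copied here
  if (input === null || typeof input !== "object" || Array.isArray(input)) {
    return { ok: false, errors: [{ field: "_form", message: "expected an object" }], value };
  }
  for (const key of Object.keys(input)) {
    if (!Object.prototype.hasOwnProperty.call(RULES, key)) {
      errors.push({ field: key, message: "unexpected field" });
    }
  }
  for (const [field, rule] of Object.entries(RULES)) {
    const v = Object.prototype.hasOwnProperty.call(input, field) ? input[field] : undefined;
    let message = null;
    if (typeof v !== "string") message = "missing or wrong type";
    else if (v.length === 0 || v.length > rule.max) message = "bad length";
    else if (!rule.pattern.test(v)) message = "bad format";
    else if (rule.check && !rule.check(v)) message = "invalid value";
    if (message) errors.push({ field, message });
    else value[field] = v;
  }
  return { ok: errors.length === 0, errors, value };
}

// Server-side entry point: takes the raw request body, trusts nothing in it.
function handleSignup(rawBody) {
  let parsed;
  try { parsed = JSON.parse(rawBody); }
  catch (err) { return { status: 400, body: { errors: [{ field: "_form", message: "malformed JSON" }] } }; }
  const result = validate(parsed);
  if (!result.ok) return { status: 422, body: { errors: result.errors } };
  return { status: 201, body: result.value };
}
```

The server path never assumes the browser ran `validate` first: a body that skipped the form entirely goes through the same checks, and only the allow-listed fields in `value` are passed on.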