I am concerned about clients who turn off JavaScript in their browser for security reasons. My web application uses jQuery heavily for validation, AJAX, etc.
My colleague suggests I also do the validation on the server side. But I also have some show/hide effects on the client side; for example, if a checkbox is checked, a hidden table will show immediately. I know that by setting autopostback = true, I can also get the same effect.
However, is there no conflict?
I don’t know how many client browsers don’t support JavaScript. My colleague also said someone could modify the JavaScript to bypass validation. With the session validation on server side, is this kind of hack possible, is this meaningful? My web application is a .NET 3.5 project. I just don’t know how to convince him. Any suggestion is highly appreciated!
You must always perform validation on the server when dealing with posted forms. Consider – I can craft a small script in PHP and POST data to your server without using your form at all! You cannot ever rely on javascript validation.
Javascript validation is like the icing on the cake. It can make your form more accessible and easier to understand. But it just isn’t the cake itself. Take some time to read about the concept of “progressive enhancement”:
http://www.alistapart.com/articles/understandingprogressiveenhancement
http://coding.smashingmagazine.com/2009/04/22/progressive-enhancement-what-it-is-and-how-to-use-it/
For javascript-heavy web applications, though, sometimes progressive enhancement isn’t worth it. For instance, if I am making a web-based payment processing system for a specific in-house use. I know there will be Firefox, I know who will be using it. If anyone tries to use it outside the known environment, I don’t care that it doesn’t work – they aren’t supposed to be using it. Likewise, if I’m creating a complex browser-based image editing web application, there just won’t be any point in a non-javascript version of the application.
You’ve got to assess whether your final product aims to be accessible by the largest segment of users, or if the features brought by javascript are important and specific enough to merit requiring javascript in order to use your application. In those cases, check out the noscript tag: https://developer.mozilla.org/en/HTML/Element/noscript
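The server-side check the answer calls for, as an added example that is not part of the original post: it validates the raw form-encoded body as it arrives, including the checkbox-reveals-table dependency from the question. The field names (email, quantity, hasExtras, extraNote) and limits are assumptions, and the same rules would live in the ASP.NET postback handler.

```javascript
// Added example: validate a raw application/x-www-form-urlencoded POST body.
// Field names and limits below are hypothetical, chosen for illustration.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Parse the body exactly as it arrives on the wire, whoever sent it.
function parseForm(body) {
  const fields = new Map();
  for (const [key, value] of new URLSearchParams(body)) {
    // Reject duplicate keys instead of silently picking one of them.
    if (fields.has(key)) throw new Error("duplicate field: " + key);
    fields.set(key, value);
  }
  return fields;
}

// Returns { fieldName: message }; an empty object means the input is valid.
function validateOrder(body) {
  let f;
  try { f = parseForm(body); } catch (e) { return { _form: e.message }; }
  const get = (name) => f.get(name) || "";
  const errors = {};
  if (!EMAIL_RE.test(get("email"))) errors.email = "invalid email";
  // Strict integer check: "-5", "3abc" and "1e9" must all be rejected.
  if (!/^[1-9][0-9]{0,2}$/.test(get("quantity"))) {
    errors.quantity = "quantity must be 1-999";
  }
  // In the browser the checkbox reveals the extra fields. The server enforces
  // the same dependency because that script may never have run.
  const extras = get("hasExtras") === "on";
  const note = get("extraNote");
  if (extras && !note.trim()) errors.extraNote = "required when extras is checked";
  if (!extras && note) errors.extraNote = "not allowed unless extras is checked";
  if (note.length > 200) errors.extraNote = "too long";
  return errors;
}

// Constructed sample bodies: one a browser would send, one sent without the form.
const fromBrowser = "email=a%40example.com&quantity=3&hasExtras=on&extraNote=gift+wrap";
const handCrafted = "email=not-an-email&quantity=-5&hasExtras=on";
console.log(validateOrder(fromBrowser), validateOrder(handCrafted));
```

The client-side jQuery checks can mirror these rules for faster feedback, but the server's result is the one that decides whether the data is accepted.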