I have a perl script that converts strings to different encodings, like base64, ASCII or hex (both ways). Now I am writing ajax front end for it, and my question is; if I want to automate the detection of the encoding of the string submitted, is it more efficient to perform regex search on the string submitted with javascript before I send it to the server, or is it faster to leave it for the perl script to figure out what type of string?
To clarify, I am asking which of these two is better:
- String submitted
- Javascript detects the encoding
- AJAX submits encoding and the string to perl script
- Perl script returns decoded string
or
- String submitted
- AJAX submits the string to perl script
- Perl script detects encoding and returns decoded string
Is there a particular rule of thumb where this type of processing should be performed, and what do you think is better (meaning faster) implementation?
You must validate your data on the server. Period. Otherwise you’ll be sailing off into uncharted waters as soon as some two-bit wannabe “hacker” passes you a base64 string and a tag claiming that your javascript thinks it’s hex.
Given this, it’s up to you whether you want to also detect encoding on the client side. This has some potential benefits, since it allows you to not send data to the server at all if it’s encoded in an invalid fashion or to tell the user what encoding was detected and allow them to correct it if it’s an ambiguous case (e.g., hex digits are a subset of the base64 character set, so any hex string could potentially be base64). Just remember that, if an encoding gets passed to the server by the client, the server must still sanity-check the received encoding specifier and be prepared to ignore it (or reject the request completely) if it’s inappropriate for the corresponding data.