I see all those tutorials about how one can use Javascript for input validating (checking to see that the email is valid for example), but nothing is stopping someone from loading the form, disabling Javascript, and then submitting the bad input without passing through the tests.
I tried to think of a way that lets you overcome this, and the best thing I could come up with is having a hidden input field and onsubmit after input validation a special value is inserted there using Javascript. Then if the server sees that it wasn’t inserted it can tell that something is wrong.
But again, the js file is sent to the user, they can see the HTML, it shouldn’t be too difficult to get around this as well.
The more I think of it the more I’m sure that there’s no point in validating things using javascript because you will need to repeat the tests on the server side anyway, which begs the question of why people even bother with Javascript as a validating tool.
Am I missing something?
While server-side validation is a must, client-side validation using Javascript is definitely recommended.
There are numerous libraries out there that can assist in adding general client-side validation using javascript. Most of them require almost no effort to incorporate into a form.