I understand that server-side validation is an absolute must to prevent malicious users (or simply users who choose to disable javascript) from bypassing client-side validation. But that’s mainly to protect your application, not to provide value for those who are running browsers with javascript disabled. Is it reasonable to assume visitors have javascript enabled and simply have an unusable site for those who don’t?
I understand that server-side validation is an absolute must to prevent malicious users (or
Share
I browse with NoScript in Firefox, and it always annoys me when I get pages that don’t work. That said – know your audience. If you’re trying to cater to paranoid computer security professionals – assume they might not have JavaScript enabled. If you’re going for a general audience, JavaScript is probably on.