I was wondering if it was possible for users to edit the JavaScript on a page.
For example, if a submit button event handler in JavaScript has a condition like this:
    if (!txtName.match(/^[\w ]+$/)) {
        alert("Please use only letters, numbers, underscores and spaces in your name.");
        return;
    }
Do I also have to validate the name on the server, or can I trust that an improper name cannot be sent to the server? Basically, can the JavaScript be manipulated by the user to bypass this sort of check?
If not, could packet injection be used to submit an invalid name? I don't know much about security so I was just curious about these sorts of issues. Okay, thanks!
Yes
No
Manipulated.
Turned off.
When it comes to validation, it can only be used to save the user time (by avoiding server round trips), not security.
Yes.
Manually constructing an HTTP request would be much easier though.
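
An added example, not part of the original question or answer: the same name check repeated on the server, applied to the raw form body whether or not the page's script ever ran. The function name, the form field name "name" and the two size limits are assumptions made for the illustration.

```javascript
// Same pattern as the client-side check in the question. In JavaScript, \w is
// ASCII-only and $ (without the m flag) matches only at the very end of input.
const NAME_PATTERN = /^[\w ]+$/;
const MAX_NAME_LENGTH = 64;   // assumed limit, not from the original post
const MAX_BODY_CHARS = 1024;  // assumed limit, not from the original post

// Takes the raw application/x-www-form-urlencoded request body (hypothetical
// field "name") and returns the status and message the server should send.
function validateSubmission(rawBody) {
  if (typeof rawBody !== "string") {
    return { status: 400, error: "Unreadable request body." };
  }
  if (rawBody.length > MAX_BODY_CHARS) {
    return { status: 413, error: "Request body too large." };
  }
  // A browser form sends the field exactly once. A hand-built request can
  // omit it or repeat it, so any other count is rejected outright.
  const names = new URLSearchParams(rawBody).getAll("name");
  if (names.length !== 1) {
    return { status: 400, error: "Exactly one name field is required." };
  }
  const name = names[0];
  if (name.length > MAX_NAME_LENGTH || !NAME_PATTERN.test(name)) {
    return {
      status: 400,
      error: "Please use only letters, numbers, underscores and spaces in your name.",
    };
  }
  return { status: 200, name };
}

// Constructed sample bodies: one a browser would send after passing the
// client-side check, and several that only a request built by hand produces.
const samples = [
  "name=Alice+Smith_42",
  "name=%3Cscript%3E",
  "name=Bob&name=%3Cb%3E",
  "name=Bob%0A",
  "",
];
for (const body of samples) {
  console.log(JSON.stringify(body), "->", validateSubmission(body).status);
}
```

Only the first sample is accepted; the others are refused with a 400 even though no client-side script was involved in producing them.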