Rick Faircloth wrote: >> A lot of form data validation can be completely contained within the client >> using JavaScript, > > But isn't this scenario assuming that JS is available? I thought the argument > was that one has to assume that JS isn't available and a complete server-side > validation routine would have to be in place.
The argument is that one has to assume that the javascript in the browser is under control of the user and can not be trusted, even if it is present. > It seems that most on the list have been saying use the client-side JS for > user experience enhancement, but assume JS is not available. In that case, > I'd need to run server-side validation on everything anyway... Regardless of the availability of javascript, you always need server-side validation for security issues. Feel free to point me to a "javascript required" website with all javascript validation you have running and I will gladly demonstrate that need ;) Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 The most significant release in over 10 years. Upgrade & see new features. http://www.adobe.com/products/coldfusion?sdid=RVJR Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275529 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
