On Thursday, 1 May 2014 at 13:33:50 UTC, Marc Schütz wrote:
IMO the client shouldn't do any validation, unless you can
really, really trust it. That's why I like to do things the
following way:
1. user input on the client
2. post using ajax
3. server validates and stores the data
4a. if transaction or data is invalid fails, send errors to the
client
4b. if everything's ok, tell the client to redirect to the next
page
5. on the client, add error CSS classes to the relevant fields,
or execute the redirect
That's a lot of unnecessary back and forth to the server for a
JS-based design. Plus it avoids some of the nicer UX enhancements
JS can enable, like validate-as-you-type, and does so without the
benefit of not requiring JS. Kind of a worst of both worlds (no
offence).
Naturally, the server needs to do validation no matter what. But
there's nothing wrong with doing an optional preliminary
validation on the client side first.
