Peter Goddard wrote:
Hence, the optimum solution is the have the client browser perform validation BEFORE submission to the server.
From a security standpoint always validate user input from an untrusted source to prevent any client side injection attacks.
Not just security: some users may have javascript disabled, or completely unavailable.
Client side validation is a nice usability enhancement when it works, but should *always* be backed up by server side validation.
-- Patrick H. Lauke __________________________________________________________ re·dux (adj.): brought back; returned. used postpositively [latin : re-, re- + dux, leader; see duke.] www.splintered.co.uk | www.photographia.co.uk http://redux.deviantart.com __________________________________________________________ Web Standards Project (WaSP) Accessibility Task Force http://webstandards.org/ __________________________________________________________ ****************************************************** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list & getting help ******************************************************
