I mean when we have something like this: <input type="email" name="email" id="email" required> Code (markup): Can we skip the validation process? Isn't it duplication? Thank you,
There is a very basic rule of security so far as HTML goes. NOTHING you do client-side can be trusted. Old UA's might not recognize any of that. Some script kiddy might bypass it with the document inspector. Bots might just read all the names and types of your form and bullshit it completely bypassing browser protections. It does not matter one blasted bit what you've done client-side, you check that information server-side before you do ANYTHING with it! It's why I never actually bothered using JavaScript client-side for this stuff, and treat the new 5 validations the way scripting validation should be. A convenience for the end user and to reduce having to spit the page back at the user on error. In no way, shape, or form is it ACTUAL validation.
You do javascript validation for the user experience, not for security. It's faster to check in JS and trow an alert or display an error, than to have it done on the back-end, repopulate all the fields and display the error....
So laci, what do you think will happen if the user simply turns off javascript and submits the form? Presto you're hacked! Which is why you use a server-side language like php to validate the info even if it's a simple contact form being sent to your email address. Note, you don't have to know php, there are hundreds of plug-n-play validation scripts out there to help.
No one said you don't validate server side.. It's not an or proposition, it's and.. do both. I meant the error messages are more easily handled on the front end. If you disable JS, I assume you're a hacker or a maniac, so all you get if the form is wrong is: "submitted form is invalid" and you have to manually go back and resubmit. for 99.99% of user cases, JS validation works perfectly. For the one person a year who has JS disabled.. extreme privacy comes with a cost