[TYPO3-core] RFC #9553: Bug: Form validation script jsfunc.validateform.js sometimes fails in IE
Xavier Perseguers
typo3 at perseguers.ch
Wed Oct 15 08:20:57 CEST 2008
Hi,
> By the way I think form validation should be rewritten in the future
> from scratch. IMHO it should be server side as
>
> 1. in case of an error in js validation func emails just sending without
> checking required fields
>
> 2. client side checking could be easily tricked by editing js or
> switching js off
>
> 3. there is old bug 3527 re: non-english unicode labels in form; that is
> not resolved because old browsers have missed javascript function
> decodeURI() (one of reasons)
>
> 4. bug in current thread also shows that better do server side
> evaluation than rely on valid javascript execution in every browser
IMHO, client-side check is just a way to quickly check that the form
*seems* to be valid, it is convenient in many cases to do this because
it saves bandwidth and can perform some quick checks, mainly misses from
the user.
However, server side checks should *always* be done for the reasons you
gave above and because sometimes a script is accessed "legally" from
another script on another server without relying on the html form itself
but by performing a direct POST request.
--
Xavier Perseguers
http://xavier.perseguers.ch/en/tutorials/typo3.html
More information about the TYPO3-team-core
mailing list