7

I am using the simplest of HTML 5 forms, and wish to use the 'required' attribute for the checkbox to make sure the user clicks it when submitting the form.

Should I have some server side validation - in case somebody is using a browser that doesn't support html5?

More Information:

My form looks like this:

[] I accept the terms and conditions

Submit

Code: 

<input type="checkbox" required> I accept the terms and conditions<br />
<input type="submit" value="submit"/>
accord_guy
  • 314
  • 2
  • 11
  • 3
    Yes. You always need server side validation. This (client side/html/js) validation is not a reliable restriction, but you also need it to guide user about input. A developer can easily violate this. – Sami Aug 01 '16 at 09:19
  • Should be closed. I don't know exactly in which category it falls, is it off-topic, too-broad or primarily opinion based. I am not sure. But its not a programming question. It is asking to guide about a topic and not for any specific stucking scenario – Sami Aug 01 '16 at 09:26

5 Answers5

8

Client-side form validation is a good way for enhancing user experience, it also provides some styling that can help to communicate that an input is required.

But you will allways still have to validate any data submitted on the server, making sure is clean and safe data. The required attribute can be manipulated by a malicious user.

marcanuy
  • 23,118
  • 9
  • 64
  • 113
3

Never trust any data from the client side (Whether HTML or JS, they can be changed. Validation on client side is just for better user experience. Real security is at the server side.

null
  • 169
  • 1
  • 13
2

Actually required CSS pseudo class is supported by all browser (no ok, IE8 excluded), as you can see here

http://caniuse.com/#search=form%20validation

Anyway, you ALWAYS need a server side validation, because client side checked data must be considered unsafe regardless.

Luca
  • 1,588
  • 2
  • 22
  • 26
0

It is not enough to save your logic behind the UI. Some HTML form validation dose not work in some browsers. So server side validation is MUST!

Sahan Pasindu Nirmal
  • 433
  • 4
  • 13
  • 36
0

Client-side validation is when the user input is validated by the browser before it is sent to the server, which can be done using HTML attributes, JavaScript, or other scripting languages. This kind of validation gives no assurance that the validation has not been messed around with by the hackers and malicious users who often find loopholes across such weak safety protocols. Due to this , in production level enterprise grade software and other ready to deploy over the net applications it is strongly suggested to use server-side validation protocol in order to ensure that there has been no mishandling with data. For example: springboot uses "spring-boot-starter-validation" dependency in the pom.xml file in order to levy its server side validation methods into the program.

Madhav Jha
  • 1
  • 1