Win a copy of Event Streams in Action this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Paul Clapham
  • Knute Snortum
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Ron McLeod
  • Piet Souris
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Frits Walraven
  • Ganesh Patekar

JavaScript disabled

 
Ranch Hand
Posts: 629
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I have a question. Say I implement form validation using JavaScript and the JavaScript is disabled on the client browser then what should I do and how should I do it?

Thanks.
 
Marshal
Posts: 67275
170
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Regardless of whether client validation happens or not, submitted data should always be validated on the server. Always.
 
Arjun Reddy
Ranch Hand
Posts: 629
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Regardless of whether client validation happens or not, submitted data should always be validated on the server. Always.



The main purpose of client side JavaScript validation is to lessen the burden on the server. So according to what you said, why do we need to do the JavaScript validation at all in the first place? Or is it like, check the browser and see if JavaScript is enabled and if it is, do JavaScript validation else do the validation on the server side?

Also, say not alone form validation, I have some other JavaScript written and the browser has JavaScript disabled. What should I do then as a JavaScript programmer?

Thanks.
 
Bear Bibeault
Marshal
Posts: 67275
170
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Arjun Reddy wrote:The main purpose of client side JavaScript validation is to lessen the burden on the server.


Incorrect.

The primary purpose of client-side validation is to give users a better experience by alerrting them to potential erros with their input, where possible, prior to submitting it to the server.

Client-side validation should never, ever, ever, and did I mention never, be used in lieu of server-side validation.

Or is it like, check the browser and see if JavaScript is enabled and if it is, do JavaScript validation else do the validation on the server side?

No. Always validate on the server. Validate on the client to make your application nicer to use. Period.

I have some other JavaScript written and the browser has JavaScript disabled. What should I do then as a JavaScript programmer?


Either disallow the use of the site if JavaScript is disabled, or write semantic HTML such that the site is still usable with JavaScript disabled.
 
author and iconoclast
Posts: 24203
43
Mac OS X Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're assuming that your web page will be the only tool used to contact your server. But hacker are clever folks, and if it's possible to break your system by creating a new web page that (for example) looks like it validates the data, but doesn't, then they're going to do that. Your server can never trust the web browser, ever. This is such a fundamental principle of programming for the Web, I'm surprised you're not familiar with the idea.

Anyway, don't know where you got the idea that the purpose of client-side validation is to make the server's load easier. I guess that's true, but only because it will prevent the server from needing to send error pages to the client. You can't skip checking the data on the server.

[ Edit: Man, Bear is fast. ]
 
Bear Bibeault
Marshal
Posts: 67275
170
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ernest Friedman-Hill wrote:[ Edit: Man, Bear is fast. ]


You should see me with a plate of something yummy!
 
Arjun Reddy
Ranch Hand
Posts: 629
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oh, so you meant for example check for the phone number to be of 9 numbers length, check if a valid email id is specified etc... on the client side but validate the login info when the user tries to login to the website on the server side. Right?

Also, is there a way I can show a message asking the user to enable his JavaScript?

Thanks.
 
Ernest Friedman-Hill
author and iconoclast
Posts: 24203
43
Mac OS X Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Arjun Reddy wrote:
Oh, so you meant for example check for the phone number to be of 9 numbers length, check if a valid email id is specified etc... on the client side but validate the login info when the user tries to login to the website on the server side. Right?



Only if you don't care whether your database contains malformed phone numbers and invalid email addresses. If you care, then you have to check on the server.


Arjun Reddy wrote:
Also, is there a way I can show a message asking the user to enable his JavaScript?



Check out the NOSCRIPT HTML tag.
 
Bear Bibeault
Marshal
Posts: 67275
170
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Arjun Reddy wrote:Oh, so you meant ... on the client side but validate the login info when the user tries to login to the website on the server side. Right?


No. Always assume that client-side validation didn't take place. For all data.

Also, is there a way I can show a message asking the user to enable his JavaScript?

Sure. Put the message in an HTML construct that you hide or remove with JavaScript. No JavaScript and the tag stays put. You can also investigate the <noscript> tag.

[Edit: EFH wins that draw!]
 
Arjun Reddy
Ranch Hand
Posts: 629
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Lol thanks guys for replying. Ok, So what exactly does JavaScript validation mean then?
 
Bear Bibeault
Marshal
Posts: 67275
170
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It means you care enough about your users to give them a good experience.
 
Arjun Reddy
Ranch Hand
Posts: 629
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:It means you care enough about your users to give them a good experience.


how? by doing what?
 
Bear Bibeault
Marshal
Posts: 67275
170
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Read my replies.
 
Arjun Reddy
Ranch Hand
Posts: 629
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Read my replies.

Ok, I got it. I think I should sleep now Thanks for replying guys
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!