http://www.perlmonks.org?node_id=439447


in reply to Re: How to hide JAVASCRIPT coding from CGI?
in thread How to hide JAVASCRIPT coding from CGI?

It's even easier than that- users can turn off javascript anywhere they want, nullifying your client-side validation altogether.

If you use Mozilla Firefox and the Web Developer Extension it is INCREDIBLY easy to muck with form values- you can turn POSTs to GETs, make all variables "writable" right in the browser, and generally wreck havoc on brittle form validation. Use javascript for UI/notification icing, server-side for real variable sanitization.

-Any sufficiently advanced technology is
indistinguishable from doubletalk.

My Biz

  • Comment on Re^2: How to hide JAVASCRIPT coding from CGI?