Friday, February 3, 2012

Don't forget your server side validation

Hey everyone,

So: the project we're maintaining is filled with JavaScript on the client. One of the things I make sure happens is that everything gets validated server-side even with those fancy shiny JavaScript validators, and we incorporate that requirement into our automated tests. This was missing from some parts when we first took over the project.

Anyway, some projects don't keep that in mind. Today a friend of mine tried to submit something past the specified date, which is enforced by the web application. Said web application enforces this client-side with a crusty snippet of JavaScript code and a hidden form element. Well, surely they would do a check on the server as well, instead of relying on this fairly crude method? No, and with tools like Firebug and friends it's trivial to work around.

You just can't trust the client. I love JavaScript as well, but you'd still better be validating it from a trusted spot.
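The failure described above, as an added example (not code from the application in question): a handler that trusts a hidden form field, next to one that checks the deadline on the server and can be exercised directly from an automated test. The field names, the assignment id, and the dates are constructed for illustration.

```javascript
// Deadlines live on the server, keyed by assignment id (constructed sample data).
const DEADLINES = new Map([["hw-3", Date.parse("2012-02-03T00:00:00Z")]]);

// Before: the server believes a hidden field that the page's script filled in.
// "withinDeadline" is a hypothetical field name; the client fully controls it.
function acceptSubmissionTrustingClient(form) {
  return form.withinDeadline === "true"
    ? { ok: true }
    : { ok: false, error: "deadline passed" };
}

// After: client claims about the deadline are ignored. The server looks up the
// deadline itself and compares it with its own clock ("now" is injectable so
// tests can pin the time).
function acceptSubmission(form, now = Date.now()) {
  const id = typeof form.assignmentId === "string" ? form.assignmentId : "";
  const deadline = DEADLINES.get(id);
  if (deadline === undefined) {
    return { ok: false, error: "unknown assignment" };
  }
  if (typeof form.body !== "string" || form.body.trim() === "") {
    return { ok: false, error: "empty submission" };
  }
  if (now > deadline) {
    return { ok: false, error: "deadline passed" };
  }
  return { ok: true };
}

// Constructed request body, as the server would receive it when the hidden
// field no longer reflects what the client-side script computed.
const lateForm = { assignmentId: "hw-3", body: "my answer", withinDeadline: "true" };
const afterDeadline = Date.parse("2012-02-03T09:30:00Z");
const beforeDeadline = Date.parse("2012-02-02T12:00:00Z");

// The kind of check an automated test suite can run without any browser:
// post straight to the handler and confirm the server enforces the rule.
function serverEnforcesDeadline(handler) {
  return handler(lateForm, afterDeadline).ok === false;
}

console.log("trusting handler enforces deadline:",
  serverEnforcesDeadline(acceptSubmissionTrustingClient));
console.log("server-side handler enforces deadline:",
  serverEnforcesDeadline(acceptSubmission));
```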


See you next time!
