

Quick doubt about HTML5 - Goldman

hi, im trying to be a webdeveloper. Learning the basis with Deitel&#x27;s book and came a quick security server question...<p>In a Deitel&#x27;s example ( Chapter 3 fig 3.1 )
http:&#x2F;&#x2F;pastebin.com&#x2F;YxWtCUe7<p>line 44:
&lt;input type = &quot;email&quot; placeholder = &quot;name@domain.com&quot; required &#x2F;&gt; (name@domain.com)<p>In google chrome I can easily change the attr REQUIRED and erase. Then, I can submit the POST to server.<p>Tell me guys, in a &quot;real world application web client-server&quot; this can be a problem? Cuz if I can really send this query to server so I&#x27;ll need to make input check in client AND server side.<p>regards,
======
Goldman
thanks jaachan

guys I've made a test:

[http://www.lolnexus.com/scouter/search?name=sk+ocelote&serve...](http://www.lolnexus.com/scouter/search?name=sk+ocelote&server=EUW)

player SK ocelote is playing right now on EUW server

In google chrome I've made changes to test

<input type="text" class="span7" name="name" autofocus="autofocus"
onchange="javascript:this.value=this.value.toLowerCase();" placeholder="Enter
a player currently in an active match" style="height:30px;">

name="name" to name="fewnfewo"

name="name" to name="sk ocelote"

name="name" to abc="name"

neither one works

the GET need's to be to work
[http://www.lolnexus.com/scouter/search?name=sk+ocelote&serve...](http://www.lolnexus.com/scouter/search?name=sk+ocelote&server=EUW)

the last one abc="name" sends get:

[http://www.lolnexus.com/scouter/search?server=EUW](http://www.lolnexus.com/scouter/search?server=EUW)

I'm asking myself if there is a possibility of exploit from client side? But I
don't have required knowledges to recognize.

ps: this is just an example from a real application. Trying to explain what
I've thought.

------
jaachan
Never depend on the client to do your validation. Client side validation is a
courtesy and/or usability issue, not something you can rely on in any way.
Always do server side validation.

