"JavaScript should be used for form validation."

Just to be clear and ensure everyone else understands: JavaScript should validate input syntax and make decisions that don't need to be forced onto users. As an example, validate that a credit card matches mod 10 and automatically recognize if it's Visa, Mastercard, etc. Nothing drives me nuts like messing up my card number only to have to go through an entire HTTP request & response cycle to find out.

What we don't want developers to do is ONLY validate client-side, lest they open their back-end to injection vulnerabilities like XSS, SQLi, and CMDi, or even name-your-own-price vulnerabilities like we saw early on in the ecommerce space.

Right, actual form validation for security should, of course, be done on the server, to clear up potential confusion.

Form check-pointing is another good example of JavaScript use. It has never bothered anyone that a webpage is saving your form on the client or server in the background.
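The split discussed in this thread, as an added example that is not part of any comment above: one mod 10 (Luhn) and card-brand check that the browser runs for instant feedback, and that the server runs again while taking the price from its own catalog instead of the request. `checkCard`, `handleOrder`, `CATALOG` and the SKU are hypothetical names, the brand prefixes cover only three networks, and the card numbers are the widely published test numbers.

```javascript
// Mod 10 (Luhn): double every second digit from the right, sum, check % 10.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Brand from the leading digits (simplified ranges: Visa, Mastercard, Amex).
function cardBrand(digits) {
  const p2 = Number(digits.slice(0, 2)), p4 = Number(digits.slice(0, 4));
  if (/^4\d{12}(\d{3})?$/.test(digits)) return "visa";
  if (digits.length === 16 &&
      ((p2 >= 51 && p2 <= 55) || (p4 >= 2221 && p4 <= 2720))) return "mastercard";
  if (/^3[47]\d{13}$/.test(digits)) return "amex";
  return "unknown";
}

// Shared syntax check. In the browser this only saves the user a round trip.
function checkCard(input) {
  if (typeof input !== "string") return { ok: false, reason: "not a string" };
  const digits = input.replace(/[ -]/g, "");
  if (!/^\d{12,19}$/.test(digits)) return { ok: false, reason: "syntax" };
  if (!luhnValid(digits)) return { ok: false, reason: "checksum" };
  return { ok: true, brand: cardBrand(digits) };
}

// Server side: the request body is untrusted even if the page validated it.
const CATALOG = { "sku-1001": 4999 }; // constructed sample, price in cents

function handleOrder(body) {
  const card = checkCard(body.card);            // re-run, never assume
  if (!card.ok) return { status: 400, error: card.reason };
  if (!Object.prototype.hasOwnProperty.call(CATALOG, body.sku)) {
    return { status: 400, error: "unknown sku" };
  }
  // body.price is ignored on purpose: the charge comes from the catalog,
  // which closes the name-your-own-price hole.
  return { status: 200, brand: card.brand, chargeCents: CATALOG[body.sku] };
}
```
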

