Yeah, 'adversarial' isn't exactly the right word; I'm not sure what is.
What I mean is that client side form validation is typically part of a cooperative process - I want to buy something at your store, you want to sell it to me, and smart client side validation can make that faster/easier if I typo something it can catch. It is (or at least should be) mostly aimed at helping the user; your parsing for security is (should be), as you note, on the server.
Scanning photos for [CSAM, thoughtcrime memes, poor taste, whatever] doesn't make the user's life easier, is not something anyone asked to be subjected to, and potentially can lead to a very negative outcome for them.
That's the distinction I was getting at, and yes, your second point is directly relevant there.
What I mean is that client side form validation is typically part of a cooperative process - I want to buy something at your store, you want to sell it to me, and smart client side validation can make that faster/easier if I typo something it can catch. It is (or at least should be) mostly aimed at helping the user; your parsing for security is (should be), as you note, on the server.
Scanning photos for [CSAM, thoughtcrime memes, poor taste, whatever] doesn't make the user's life easier, is not something anyone asked to be subjected to, and potentially can lead to a very negative outcome for them.
That's the distinction I was getting at, and yes, your second point is directly relevant there.