0

I have a form which has parts which are changed with jQuery. These parts will affect the price which the end user is paying, so has to be accurate. Should I do things like this without javascript? How many people have js disabled or don't support it?

Bill
  • 3,478
  • 23
  • 42
  • 8
    Your price should never be controlled by anything in the markup, because I can open my panel and change whatever I want. – Chad Apr 10 '13 at 14:28
  • 11
    You have to make sure that your server-side code validates all the submissions, because you absolutely cannot trust the client side code. – Pointy Apr 10 '13 at 14:29
  • Pointy has the right jist here, feel free to put advanced client side functionality into your app, in fact I positively encourage it. Just validate the stuffing out of it when it reaches your controller/server side code. – Moby's Stunt Double Apr 10 '13 at 14:31
  • 1
    Never let the client send price information to the server. They may manipulate product selection, options, etc. which will change the price, but that price should be computed independently on the server and in JavaScript. – Blazemonger Apr 10 '13 at 14:35
  • @Blazemonger It's things like shipping so no worries about this. – Bill Apr 10 '13 at 14:39
  • @Pointy I have used a plugin (wp e commerce) so I'm not really in control of the server side stuff. Even so, the submissions will be definitely be valid, I'm just worrying about them being wrong. For instance one field I am changing with js is a shipping location. – Bill Apr 10 '13 at 14:40
  • @BillyMathews, even if it's just shipping, shipping costs money. What about the Wordpress solution keeps you from validating your pricing logic server-side? If you absolutely, positively feel you need to leave pricing in the hands of Javascript, make sure to add terms and conditions stating that the site owner reserves the right to cancel orders at their discretion. Remember, online orders are legally binding contracts. See [Oops! The Legal Consequences of and Solutions to Online Pricing Errors](http://digital.law.washington.edu/dspace-law/bitstream/handle/1773.1/354/vol1_no1_art2.pdf) – thirdender Apr 10 '13 at 14:56
  • @thirdender Even if I could/can be bothered to implement server side validation it wouldn't be of any help, as the submission would still be valid, by definition. – Bill Apr 10 '13 at 14:59
  • But thanks for the link, good tip. – Bill Apr 10 '13 at 15:07

1 Answers1

3

I would venture to say that using progressive enhancement this shouldn't be a hindrance as those with JavaScript can have a richer experience without neglecting other users.

But the finer point is that it depends on the logic involved and your client. If you have parameters such as tax, shipping etc. which depend on the User properties on the server-side (and assuming that you don't have access to these on the client) then it is worth the round trip.

Look at your site analytics to understand your target audience - even within the same e-commerce shops the audience can vary from iPads to IE6 from site to site.

Take a look at this SO question for how to detect users who have JS disabled How to detect if JavaScript is disabled?

Community
  • 1
  • 1
Peter
  • 4,493
  • 6
  • 41
  • 64