0

I am new to front end web development and am making a small application where I want to validate that the user has in fact entered a valid URL.

At first thought I figured I should solve this using js but what if the user has js turned off?

Should I instead use HTML5 form validation techniques? Or maybe use both?

I know I could do server side validation but my question is mainly if HTML validation is used in real life applications b/c of possibility of js being turned off? Thanks for the help.

John Paschal
  • 85
  • 2
  • 6
  • 6
    JS / Html (client-side) validation is only used to make the application look better. ___ALWAYS___ use server-side validation (too). – Cerbrus Jun 17 '15 at 14:39
  • 1
    You can check if `JS` is turned off, if so, tell the user to turn it on. it's an option – alexandreferris Jun 17 '15 at 14:39
  • 2
    You always validate the data on server-side. Client-side validation is used only for the convenience of the user, not for the actual verification that the user input is, in fact, valid. The reason for that is what you already mentioned - what if the user has JS off. There are many what-ifs like that one. Bottom line - do the validation on server regardless of what you use for front-end validation. – Mjh Jun 17 '15 at 14:39
  • To be honest most websites wont work without javascript these days, especially with a lot of modern websites making extensive use of angular. It's never a bad idea to do server side validation. I personally do all my validation using html 5 and angular directives – Andre Lombaard Jun 17 '15 at 14:41
  • 6
    @user65439: _"It's never a bad idea to do server side validation."_? That's not quite correct. It's ___always___ a bad idea ___not___ to do server side validation. – Cerbrus Jun 17 '15 at 14:42
  • I believe the OP question is not server-side vs client-side validation, but... which client-side "validation" technique should he use. – light Jun 17 '15 at 15:06
  • yes @light is spot on – John Paschal Jun 17 '15 at 15:18

2 Answers2

1

but what if the user has js turned off?

The same could be said for HTML5 - what if the user is using a browser which doesn't support that?

If you're wanting to process data on the server-side you should always perform server-side validation. Front-end validation is primarily used for reducing server load and making things look smoother. It can be very easily bypassed.

If you're worried the user has JavaScript disabled, you can make use of the noscript element:

<noscript>
    This website relies on JavaScript, which you appear to have disabled. You will not be
    able to use many of this website's features without JavaScript enabled.
</noscript>

The noscript element represents nothing if scripting is enabled, and represents its children if scripting is disabled. It is used to present different markup to user agents that support scripting and those that don't support scripting, by affecting how the document is parsed.

HTML5 Specification: The noscript element

James Donnelly
  • 126,410
  • 34
  • 208
  • 218
  • @TylerH I never said browsers which don't support HTML, I said browsers which don't support HTML5. Internet Explorer 8, for instance, is a browser which is still pretty popular which doesn't support HTML5. Internet Explorer 9 does support HTML5, but doesn't support its form validation features. Etc., etc., etc.. – James Donnelly Jun 17 '15 at 14:45
  • 1
    I'm not sure why this got downvoted... +1 – Cerbrus Jun 17 '15 at 14:45
0

we generally use Javascript to do FORM validation, as you said it's possible that the user has javascript disable but it's extremely rare nowdays since almost every site has some line of javascript and many of theme doesn't work without javascript (think at gmail, google maps and all the web apps out there). It's more common (not so common anyway) that a user has an older browser that doesn't support HTML5 form validation.

In any case check values on the server, the general rule is "never trust the user" :D

wezzy
  • 5,897
  • 3
  • 31
  • 42