Howard Lowndes wrote:
> I think JS has its place and one that comes to mind is in parsing forms
> input prior to a GET or POST. What is wrong with the browser being made
> to perform some attempt at ensuring reasonably clean input to CGI scripts
> instead of making the CGI do all the work.
Good question. What *is* wrong with the web server relying on the browser
to perform input checks?
Just this:
A browser that bypasses JavaScript can submit input to the server that is invalid.
If a GET or POST (method handler) on the web server accepts invalid input without
question, possibly because it assumes that the data has been 'cleaned' by Javascript,
the method will fail / crash / do unpredictable things like reveal customer's
credit card details :(
OTOH, a fully-secured web server cleans all incoming data before processing it,
regardless of what was done on the client side.
cheers,
rickw
-- _____________________________________________ Rick Welykochy || Praxis Services Pty Limited"Yes means No and No means Yes. Delete all files [Y]? "
This archive was generated by hypermail 2.1.1 : Sun Mar 31 2002 - 03:10:04 EST