1

I have a login and signup forms i handle validation with JS like showing user messages if email isnt in the right form also minimum characters number etc , the question is as everyone says we must add a server side validation to stay safe from the case user changed or disabled JS in browser , but does that means i dont need and its impossible to show this errors to client side in case he disabled JS cause its disabled ? in general do you write some logic code for that kind of simple form validation errors to user , or this validation errors are only important for developer? if user disabled JS i think react app wont work either so that doesnt make sense and thats what i see

enter image description here

Improve this question
3
  • 1
    JS is the language of the web. Anyone who disables it knows that lots and lots of things won't work so it's not likely you will find very many who do these days. Adding a <noscript> element to advise them they need it is the best recourse. As for showing errors, that's certainly a must or how would they know what to fix? Commented Jul 19, 2020 at 1:02
  • @charlietfl <noscript> is needed in reactjs app too ?, i need to add it only one time in inex.html? Commented Jul 19, 2020 at 1:13
  • 1
    Correct...just once in index.html Commented Jul 19, 2020 at 1:14

2 Answers 2

Reset to default
1

The Server validations are just there to make sure that you are safe that basically means you should not rely on the front-end validations at all. However, you can validate the request with Clientside/JS as well so you won't need an extra call to API to validate the inputs.

In-case of disabled Javascript, you may ask the user to enable or otherwise, you will not be notified of any error.

 <noscript>
    <span style="color:red">JavaScript is not enabled!</span>
</noscript>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Server-side validation is must-have. It must be implemented always as it's only guaranteed it cannot be skipped.

Client-side validation is just for user's comfort, he doesn't need to send a request as basic mistakes can be catch during inputting data. Remember that it can be skipped easily within a common browser, so you cannot rely on its safety.

Always best solution is combining both: client-side for comfort and server-side for security.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.