DEV Community

Discussion on: Using Array.Reduce to Streamline Your JavaScript Object Validations

Collapse
aleksandrhovhannisyan profile image
Aleksandr Hovhannisyan

Note: the name and password length validation can be done with HTML alone. No need for JavaScript. See the minlength attribute.

Collapse
turbopasi profile image
Pascal Lamers

Good point - but i d like to think that this is also for server side validation. My rule of thumb: validate on the frontend for comfort , validate on the server for security .

Collapse
ziizium profile image
Habdul Hazeez

My thought exactly.

Collapse
ziizium profile image
Habdul Hazeez • Edited on

HTML and JavaScript validation can be bypassed easily using the Developer Tools. If you plan on sending any data from the frontend to the server-side, you have to perform layered validation.

With the HTML then the JavaScript and finally the server-side. If they get past the first two, unless there is a hole in the server-side validation they are not getting past that.

Better still use a whitelist and deny any input that is not on this list.

Collapse
spock123 profile image
Lars Rye Jeppesen

Frontend form validation is not done for security, it's for user experience.

Backend validation is security, ideally frontend validation should be so good that non-malign users will mostly never hit those backend validation errors.

Imho frontend and backend validations serve completely different purposes and cannot directly be compared.

Thread Thread
ziizium profile image
Habdul Hazeez

Frontend form validation is not done for security, it's for user experience.

Frontend form validation is a mixture of good user experience with security in mind.

Thread Thread
spock123 profile image
Lars Rye Jeppesen

Respectfully, frontend validation has absolutely zero to do with security.