Log in   Register a New Account

Accessify Forum - Discuss Website Accessibility

New to the forum?

Only an email address is required.

Register Here

Already registered? Log In

RNIB Web access seminars

Reply with quote Oh hell!

I missed this when it came up - was going through an incredibly busy spell back then. But since this sits here for anyone to come and read, I'm going to address it now, even though it's 2 years old.

It was, I think, in one of the seminars that I ran, that I discussed this issue of client-side vs server-side validation.

I did NOT suggest passing stuff through to server-side processing purely on the basis of setting a flag client-side. Despite what some of you seem to think about RNIB's web access team, we're not that clueless!

What I suggested was, first, that form validation should ideally be carried out server-side. Then second, if one really wanted to use client-side validation, you needed to consider how to handle form submissions from people using a non-JavaScript browser or one where JavaScript has been switched off for whatever reason. The most often raised concern about using server-side validation is the additional load that might place on web servers on high volume sites.

So I then suggested the possibility of using a flag to indicate to the server-side script receiving the form submission that some client-side validation had already taken place. I thought I made it clear, though at this far remove from the actual event I'll accept the possibility that I didn't, that the idea was to bypass some of the server-side validation processes, and thus minimise the impact on server loading, but I'm sure I said "and pass the submission directly to the security processes in place on the server", or something similar.

I was not advocating simply passing stuff through to the innards of your server-side processes without ensuring that it doesn't contain anything malicious!!!!!

Would have been nice if JohnG had spoken up with his concern during the seminar itself so I could have addressed it then, or at least emailed us to let us know about this post at the time. Oh well...

Donna Smillie / Senior Web Accessibility Consultant, RNIB
Web Access Centre / WAC Blog

Display posts from previous:   

Page 2 of 2

Goto page Previous  1, 2

All times are GMT

  • Reply to topic
  • Post new topic