Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The regular expression pattern checking is pretty awesome. I'll disagree though where they say you don't need any more server side validations. You can easily remove / change the pattern value in the DOM. Which begs the question, what's the integrity of client-side testing if it cam be bypassed so easily?


anything client-side is never about security or consistency since no matter what you do, anybody can always send you any data they want.

client side validity checking is about the user experience, I mean if the user is doing something wrong you can guide them to the right direction without the need of server interaction and server interaction is always slower that one line of client side code.


Good point about user experience. Are there any tools you use specifically to test ux that isn't manual?


You can use Selenium. Second link is an example of using it within the Play Framework (scroll to the bottom of the page).

[1] http://code.google.com/p/selenium/?redir=1 [2] http://www.playframework.com/documentation/2.1.1/ScalaFuncti...


sorry, I don't know such tools.


Yes, you are right you really need the server-side part to prevent bad things.


Client side validation is about UX and server load, not security.


The service/business tier should never trust the integrity of the front-end or the data it's sending.

Bounds checking and validation on the server will never go away...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: