Performance is likely to be the last thing you'll be worried about if someone sneaks malicious input past your validation.
Client-side form validation is just plain /wrong/! Never trust input you get back from a client. Never. Brantley > -----Original Message----- > From: Nadia Kunkov [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 30, 2004 9:58 AM > To: Struts Users Mailing List > Subject: RE: Validate() vs JavaScript where is the advantage? > > Thanks for the replies. > Have you ever noticed a performance difference though? > Is it significant? > Nadia > > > -----Original Message----- > From: news [mailto:[EMAIL PROTECTED] Behalf Of Jeff Beal > Sent: Thursday, September 30, 2004 9:14 AM > To: [EMAIL PROTECTED] > Subject: Re: Validate() vs JavaScript where is the advantage? > > > Nadia Kunkov wrote: > > Hi, > > I'm wondering if I should use validate() method of ActionForm instead of > JavaScript to validate the form. I can see the advantage of validate() > when you have an internationalized application, but otherwise why would I > have an overhead of going back to the server when I can do the validation > on the client side? I'm a struts newbie so I might not see the advantage > of validate yet, so can someone tell me why JavaScript would be an > inferior choice ( when internationalization is not an issue ). > > > > Thanks > > NK > In short, you don't have control over your users' environment. They > could be running old browsers; they could have JavaScript disabled; they > could be running a browser with non-standard JavaScript support; their > browser could be buggy. Malicious users could even manually assemble > HTTP requests with invalid data. > > By using server-side validation, you take control over all of the data > coming into your web application. If you leave validation to the > browser, there is always the chance that bad data is going to sneak into > your system and do something that you don't expect. > > -- Jeff > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
