我应该依靠客户端验证到什么程度？ [英] To what extend should I rely on client-side validation?

问题描述

我有一个冗长的形式，大量使用客户端验证（用jQuery编写）。为了防止用户使用已禁用的JavaScript提交表单，我添加了一个隐藏字段，该字段由jQuery填充javascript_enabled值。如果在浏览器中禁用了JS，则该字段将留空并且不会提交表单。

I have a lengthy form which heavily uses client-side validation (written in jQuery). To prevent users with disabled JavaScript submitting the form, I have included a hidden field which is populated with "javascript_enabled" value by jQuery. If JS is disabled in the browser, then the filed is left blank and the form will not be submitted.

问题是 - 这是否足够，我应该感到安全，或者我是否也必须为每个字段包含服务器端验证？

The question is - is this enough and I should feel safe, or do I have to include a server side validation for every field too?

推荐答案

否。客户端验证仅用于方便用户，而不是保护您的服务器。

No. Client side validation is only here for the comfort of the user, not to protect your server.

用户可以轻松更改所有客户端操作。

All client side actions are easy for the user to change.

为保护您的服务器，您必须添加服务器端验证。

To protect your server you MUST add server side validation.

这篇关于我应该依靠客户端验证到什么程度？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！