in reply to Re: Regex help
in thread Regex help

you really ought to double-check the length on the server too if that's in a form that gets submitted. a user may have javascript turned off, or, if your systems would break on too much input, a (cr|h)acker might manually send you longer input as a DoS.

point is, you should never rely on client-side code to validate forms.

anders pearson // digital samurai
personal      // http://www.columbia.edu/~anders/
weblog       // http://thraxil.dhs.org/

Re: Re: Re: Regex help
by wardk (Deacon) on Jun 16, 2001 at 04:04 UTC
    point is, you should never rely on client-side code to validate forms.

    I wholeheartedly agree, our use of javascript in this case is just to prevent a post if the length is out of bounds with a textarea. when the form gets posted, the real validations take place (a fun place where MS Word formatting characters are sanitized and fed to Oracle) via Perl. We also handle forcing/restricting alpha/numerics, etc. I inherited the system (on contract), but given the user requirements, I can't see how it could have been done any other way. (the requirements were specifically for popup warnings, which while annoying save posts to the busy server)

    btw, this being an internal business app, we only have to code to one browser, netscape 4.x, and require javascript. a very controlled environment. there are plenty of other reasons on top of what we're discussing that would disqualify it for general net use. :-)
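The server-side re-check both posts describe, as an added example that is not code from either poster or from the system discussed: the request body is capped before it is read, then the textarea length and an alphanumeric field are validated again regardless of what the browser did. The limits, the field names `comment` and `account_id`, and the sample submissions are assumptions made for illustration.

```perl
use strict;
use warnings;

# Assumed limits and field rules; the thread does not give the real ones.
my $MAX_BODY_BYTES = 16 * 1024;   # cap on the whole POST body
my $MAX_COMMENT    = 2000;        # cap on the textarea, in bytes

# Check the declared Content-Length ($ENV{CONTENT_LENGTH} under CGI) before
# reading the body, so an oversized POST is refused without being buffered.
sub body_size_ok {
    my ($content_length) = @_;
    return 0 unless defined $content_length && $content_length =~ /\A[0-9]+\z/;
    return $content_length <= $MAX_BODY_BYTES ? 1 : 0;
}

# Validate the submitted fields; returns a list of error strings (empty = ok).
sub validate_form {
    my (%f) = @_;
    my @errors;

    my $comment = defined $f{comment} ? $f{comment} : '';
    push @errors, 'comment is empty'    if $comment eq '';
    push @errors, 'comment is too long' if length($comment) > $MAX_COMMENT;
    # Allow tab, LF and CR; refuse other control bytes.
    push @errors, 'comment has control characters'
        if $comment =~ /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/;

    my $id = defined $f{account_id} ? $f{account_id} : '';
    push @errors, 'account_id must be 1-12 letters or digits'
        unless $id =~ /\A[A-Za-z0-9]{1,12}\z/;

    return @errors;
}

# Constructed sample submissions: a normal one, an oversized body, and one
# that fits the body cap but skipped the browser-side checks.
my @samples = (
    { len => 60,      comment => 'Shipment arrived late.', account_id => 'AB1234' },
    { len => 5000000, comment => 'x' x 3000,               account_id => 'AB1234' },
    { len => 3100,    comment => 'x' x 3000,               account_id => "1;\n" },
);

for my $s (@samples) {
    if (!body_size_ok($s->{len})) {
        print "413 request body too large\n";
        next;
    }
    my @errors = validate_form(%$s);
    print @errors ? "400 " . join('; ', @errors) . "\n" : "200 accepted\n";
}
```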