/    Sign up×
Community /Pin to ProfileBookmark

Bypassing Javascripts

Copy linkTweet thisAlerts:
May 25.2009

Hi all,
Im hoping someone can support me with my question..

I have an asp page that has an application form and a user fill it in and the application comes to me for approval.

I use javascript to validate the textboxes in the form to ensure correct data input from the user and on the whole its working fine..

But I have a user who truns off javascript or a bot and all the javascript is useless and the applications get sent to me with missing or wrong details etc…

How can I validate such a form if a user does this?

Im guessing they are trying to access the site and not have to log in or are up to no good im just not sure but can I prevent this?

Can I add code to the page that says if javascript is disbled in the browser bounce to a page or something similar?

Any thoughts are appreciated.
T πŸ™‚

to post a comment
JavaScript

12 Comments(s) ↴

Copy linkTweet thisAlerts:
@CharlesMay 25.2009 β€”Β Up to no good? Not at all. I always surf the internet with JavaScript turned off. Sites load much faster and I'm free from certain annoyances. And it could be that other user is blind or otherwise disabled and using an adaptive browser that doesn't support JavaScript.

It is you responsibility to make sure that the site works well with and without JavaScript. Here your solution is simple. Give your form a hidden field with the name "validated" and have your JavaScript validation set the value of "validated" to true. When your script receives the form it can check the value of that field and know if server side validation is required. Another method is to give the form an action that points to your server side validation but have the JavaScript validation change that action as appropriate.
Copy linkTweet thisAlerts:
@ryanlundMay 25.2009 β€”Β try <noscript>code here</noscript>
or do the validating server side(with your asp)
Copy linkTweet thisAlerts:
@CharlesMay 25.2009 β€”Β or do the validating server side(with your asp)[/QUOTE]You don't want to think of this as an either/or (with apologies to Kierkegaard). The people who do use JavaScript would be poorly served if you did the validating server side. The trick is to do it both places, one or the other as required. JavaScript is like that. It's great when it works just have a back up ready for when it doesn't.
Copy linkTweet thisAlerts:
@ryanlundMay 25.2009 β€”Β Personally i would never do my validation on the client side, its completely pointless and i believe often looks tacky and unprofessional.
Copy linkTweet thisAlerts:
@felgallMay 25.2009 β€”Β Client side validation is for the convenience of your visitor in making it easier for them to spot and fix errors in what they enter.

Server side validation is there for the site owner so as to ensure that the information that is entered is what is required.

As they serve two different purposes you will usually need to include both.
Copy linkTweet thisAlerts:
@ryanlundMay 25.2009 β€”Β well whatever moves your furniture....i dont intend to change the way i do things any time soon
Copy linkTweet thisAlerts:
@CharlesMay 25.2009 β€”Β A bit of an inflexible position, but at least you're sticking with the method that actually works.
Copy linkTweet thisAlerts:
@Declan1991May 25.2009 β€”Β It's completely pointless.[/QUOTE]
No it isn't. It is a way of saving the user time because the page doesn't have to be reloaded. I particularly like it when checking whether user names are available, and whether all required fields are filled in.I believe [it] often looks tacky and unprofessional.[/quote]Depends on the implementation, has nothing to do with the concept.
Copy linkTweet thisAlerts:
@TagUK2006authorMay 25.2009 β€”Β Thanks guys,

I think I follow but you guys seem to differ?

At present I use JS to make sure the user adds what I want and also I have some Ajax to do a background check on username and email address added so as not to alow duplicates and do all the checking on the same page as the user types to save sending the user to a new page or reloading the page...

If JS is off on the browser none of this will work so Am I right in thinking that I have to do some server side scripts that back up my JS in this event?

I did think I was being rather clever with the Ajax as it searches as the user types and if the user name etc are taken it tells them, but all of this is all worthless if JS is disabled.

Im a bit puzzled as to the best method?

Do any of you guys have any examples of similar forms and script?

Thanks again for all comments. :-)

T
Copy linkTweet thisAlerts:
@TagUK2006authorMay 25.2009 β€”Β try <noscript>code here</noscript>
or do the validating server side(with your asp)[/QUOTE]

Hi,

Thanks for your reply,

Ive never used <noscript></noscript> tags beofre but after reading your post I see its for browsers that do not have the JS enabled..

Could I do this on my page

<noscript>

<%response.redirect("somepages.asp")%>

</noscript>

If I have understood this will bounce anyone with no java script enabled to a page of my choosing and therfore stop them hitting the submit button on my form?

Or am I way off?

Thanks again

:-)
Copy linkTweet thisAlerts:
@Y_LessMay 26.2009 β€”Β That's mixing client and server side in a way in which they can't be mixed. What you need is BOTH. Use the JavaScript as a clever convenience thing to check if the name is taken, but then check if they're using a valid name on the server as well. You should do this with ALL forms, the clients are not to be trusted, otherwise someone could easily alter the JS and submit a name which is already taken, and if you're not checking server side then you'll mess things up.

Write your site, get it fully working THEN add the JavaScript, don't try integrate it from the start (although design with it in mind). That way you know the site and validation work without JavaScript, but you can use the JS to add extra bits of convenience for those who want them.
Copy linkTweet thisAlerts:
@TagUK2006authorMay 26.2009 β€”Β That's mixing client and server side in a way in which they can't be mixed. What you need is BOTH. Use the JavaScript as a clever convenience thing to check if the name is taken, but then check if they're using a valid name on the server as well. You should do this with ALL forms, the clients are not to be trusted, otherwise someone could easily alter the JS and submit a name which is already taken, and if you're not checking server side then you'll mess things up.

Write your site, get it fully working THEN add the JavaScript, don't try integrate it from the start (although design with it in mind). That way you know the site and validation work without JavaScript, but you can use the JS to add extra bits of convenience for those who want them.[/QUOTE]

Thanks :-)
Γ—

Success!

Help @TagUK2006 spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 β€” BETA 5.4,
whats_new: community page,
up_next: more Davinciβ€’003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinciβ€’003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,
)...