...

View Full Version : Input filtering with Ajax



1andyw
08-07-2007, 01:04 PM
Hi,

Input filtering using javascript can be avoided by simply turning off javascript.

Since ajax doesn't work with javascript turned off, is the practice of input filtering with javascript secure in an ajax application?

Andy

mcjwb
08-07-2007, 01:48 PM
No, someone could still create a normal html form that referenced your form handling script, therefore bypassing your pages completely.

Always do input validation server side, validation on the client should always be considered as a user aid not a security measure.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum