www.webdeveloper.com
Results 1 to 13 of 13

Thread: Bypassing Javascripts

  1. #1
    Join Date
    Mar 2007
    Posts
    156

    Question Bypassing Javascripts

    Hi all,
    Im hoping someone can support me with my question..

    I have an asp page that has an application form and a user fill it in and the application comes to me for approval.

    I use javascript to validate the textboxes in the form to ensure correct data input from the user and on the whole its working fine..

    But I have a user who truns off javascript or a bot and all the javascript is useless and the applications get sent to me with missing or wrong details etc...

    How can I validate such a form if a user does this?

    Im guessing they are trying to access the site and not have to log in or are up to no good im just not sure but can I prevent this?

    Can I add code to the page that says if javascript is disbled in the browser bounce to a page or something similar?

    Any thoughts are appreciated.
    T :-)

  2. #2
    Join Date
    Nov 2002
    Location
    Baltimore, Maryland
    Posts
    12,279
    Up to no good? Not at all. I always surf the internet with JavaScript turned off. Sites load much faster and I'm free from certain annoyances. And it could be that other user is blind or otherwise disabled and using an adaptive browser that doesn't support JavaScript.

    It is you responsibility to make sure that the site works well with and without JavaScript. Here your solution is simple. Give your form a hidden field with the name "validated" and have your JavaScript validation set the value of "validated" to true. When your script receives the form it can check the value of that field and know if server side validation is required. Another method is to give the form an action that points to your server side validation but have the JavaScript validation change that action as appropriate.
    “The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
    —Tim Berners-Lee, W3C Director and inventor of the World Wide Web

  3. #3
    Join Date
    Mar 2009
    Location
    Yorkshire
    Posts
    266
    try
    Code:
    <noscript>code here</noscript>
    or do the validating server side(with your asp)

  4. #4
    Join Date
    Nov 2002
    Location
    Baltimore, Maryland
    Posts
    12,279
    Quote Originally Posted by ryanlund View Post
    or do the validating server side(with your asp)
    You don't want to think of this as an either/or (with apologies to Kierkegaard). The people who do use JavaScript would be poorly served if you did the validating server side. The trick is to do it both places, one or the other as required. JavaScript is like that. It's great when it works just have a back up ready for when it doesn't.
    “The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
    —Tim Berners-Lee, W3C Director and inventor of the World Wide Web

  5. #5
    Join Date
    Mar 2009
    Location
    Yorkshire
    Posts
    266
    Personally i would never do my validation on the client side, its completely pointless and i believe often looks tacky and unprofessional.

  6. #6
    Join Date
    Mar 2005
    Location
    Sydney, Australia
    Posts
    7,974
    Client side validation is for the convenience of your visitor in making it easier for them to spot and fix errors in what they enter.

    Server side validation is there for the site owner so as to ensure that the information that is entered is what is required.

    As they serve two different purposes you will usually need to include both.

  7. #7
    Join Date
    Mar 2009
    Location
    Yorkshire
    Posts
    266
    well whatever moves your furniture....i dont intend to change the way i do things any time soon

  8. #8
    Join Date
    Nov 2002
    Location
    Baltimore, Maryland
    Posts
    12,279
    A bit of an inflexible position, but at least you're sticking with the method that actually works.
    “The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.”
    —Tim Berners-Lee, W3C Director and inventor of the World Wide Web

  9. #9
    Join Date
    Aug 2007
    Posts
    3,767
    Quote Originally Posted by ryanlund View Post
    It's completely pointless.
    No it isn't. It is a way of saving the user time because the page doesn't have to be reloaded. I particularly like it when checking whether user names are available, and whether all required fields are filled in.
    Quote Originally Posted by ryanlund View Post
    I believe [it] often looks tacky and unprofessional.
    Depends on the implementation, has nothing to do with the concept.

  10. #10
    Join Date
    Mar 2007
    Posts
    156
    Thanks guys,

    I think I follow but you guys seem to differ?
    At present I use JS to make sure the user adds what I want and also I have some Ajax to do a background check on username and email address added so as not to alow duplicates and do all the checking on the same page as the user types to save sending the user to a new page or reloading the page...

    If JS is off on the browser none of this will work so Am I right in thinking that I have to do some server side scripts that back up my JS in this event?

    I did think I was being rather clever with the Ajax as it searches as the user types and if the user name etc are taken it tells them, but all of this is all worthless if JS is disabled.

    Im a bit puzzled as to the best method?

    Do any of you guys have any examples of similar forms and script?

    Thanks again for all comments. :-)
    T

  11. #11
    Join Date
    Mar 2007
    Posts
    156

    Question

    Quote Originally Posted by ryanlund View Post
    try
    Code:
    <noscript>code here</noscript>
    or do the validating server side(with your asp)
    Hi,
    Thanks for your reply,
    Ive never used <noscript></noscript> tags beofre but after reading your post I see its for browsers that do not have the JS enabled..

    Could I do this on my page

    <noscript>
    <%response.redirect("somepages.asp")%>
    </noscript>

    If I have understood this will bounce anyone with no java script enabled to a page of my choosing and therfore stop them hitting the submit button on my form?

    Or am I way off?

    Thanks again
    :-)

  12. #12
    Join Date
    May 2009
    Posts
    150
    That's mixing client and server side in a way in which they can't be mixed. What you need is BOTH. Use the JavaScript as a clever convenience thing to check if the name is taken, but then check if they're using a valid name on the server as well. You should do this with ALL forms, the clients are not to be trusted, otherwise someone could easily alter the JS and submit a name which is already taken, and if you're not checking server side then you'll mess things up.

    Write your site, get it fully working THEN add the JavaScript, don't try integrate it from the start (although design with it in mind). That way you know the site and validation work without JavaScript, but you can use the JS to add extra bits of convenience for those who want them.

  13. #13
    Join Date
    Mar 2007
    Posts
    156

    Thumbs up

    Quote Originally Posted by Y_Less View Post
    That's mixing client and server side in a way in which they can't be mixed. What you need is BOTH. Use the JavaScript as a clever convenience thing to check if the name is taken, but then check if they're using a valid name on the server as well. You should do this with ALL forms, the clients are not to be trusted, otherwise someone could easily alter the JS and submit a name which is already taken, and if you're not checking server side then you'll mess things up.

    Write your site, get it fully working THEN add the JavaScript, don't try integrate it from the start (although design with it in mind). That way you know the site and validation work without JavaScript, but you can use the JS to add extra bits of convenience for those who want them.
    Thanks :-)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles