A good point. Most modern browsers will have Javascript enabled, so it's generally not such a problem, though. A significant percentage of sites won't work at all without Javascript enabled. Many shopping carts use Javascript, most forms use Javascript for validation, and many sites use Javascript to pop up windows at an appropriate size - I normally consider this beneficial - apart from the pop-ups from free hosting and warez sites. That said, I'm not suggesting that you can avoid server-side validation - rather that it is much faster to at least try to handle things like this. Given that many visitors are liable to be on a dial-up connection, they don't really want to have to wait nearly a minute to get a response that they entered an invalid character. Even on a T1 the delays from going server-side for things like this can be annoying because it's unnecessary. Both Python and Javascript (1.2) have regular expressions, so you can work out the right validation expression and use it both client and server-side anyway. David ----- Original Message ----- From: "Stephane Bortzmeyer" <bortzmeyer@pasteur.fr> To: "David Burton" <eloquence@eloquent-designs.f2s.com> Cc: <zope@zope.org> Sent: Tuesday, March 13, 2001 8:20 AM Subject: Re: [Zope] How to check if a string contains some characters??
On Monday 12 March 2001, at 17 h 31, the keyboard of "David Burton" <eloquence@eloquent-designs.f2s.com> wrote:
A better idea would normally to try to handle invalid values before it reaches ZOPE. Something like this is usually best handled by Javascript verification.
Bad idea: what if the browser does not have JavaScript or decided to switch it off (because he dislikes pages which resizes the browser or popup when you leave)?
JavaScript is a convenience for users: you are informed that something is wrong before you hit Submit. But the server MUST test anyway. (Think of security issues if all the checking is client-side.)