Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@retoor I can modify html of any page though. So I guess enforcing on web page isn't really protection anyway.
-
Javascript should be used on the front-end as progressive enhancement. Its immediate feedback in form validation is valuable to the user experience, and worthless security-wise, which is the opposite on the server. Anyone can sniff the API endpoints via the browser network tab and spoof the requests without going through the HTML/JS validation.
Regarding fuck users with js disabled I disagree in part with OP: if your solution is content-driven the basic display should work without needing JS (eg news site, blog). I never understood the craze about building your own blog fully with client-side React -
@BordedDev svelte can suck my reactive dick real hard until i cum some little components all around your slot.
-
@antigermanist Let me know when you come up with something original ;P (PS svelte is more reactive than react)
-
@Tounai I remember using a framework for php that divided out the model view in a comprehensive way. Codeigniter? Its been a while.
-
@BordedDev can svelte do jsx?
-
To me, that‘s just another hot take to gain people‘s attention. It‘s the same shit times and times again, some dude posts something trying to gaslight people into thinking they can‘t code, only to plug their medium article, n+1th js framework, github repo or whatever. Today I’m making you switch all to SSR, tomorrow you totally need another backend language cause omg it’s 2025 and you’re STILL using P# on BozoLite?! and next week my new super lightweight framework will move all you problems to clientland.
Basic principle of social media and women‘s magazines. -
@Demolishun waiting for NextIgniter to come out and make me rewrite my whole projects.
-
@tosensei of course. Any dev worth their salt knows not to trust whatever comes from the frontend. The server SHOULD always validate data first before doing anything with it.
Frontend form validation is simply UX centric in my opinion. It's not for security whatsover, it's just there to save the user's time by avoiding unnecessary validation roundtrips. -
@null-pointer-ex not just in your opinion. that's just how it is.
and the thing is: if you're alread implementing it in the backend, why double your work by implementing it again in the frontend?
after all, you could just be smart about it and asynchronously check the form. you don't need to reload the whole page. and i doubt the user will notice if the info that "dick" is too short a password comes after 0 oder 100 ms -
@possum what's your problem with bozolite? it's a valid technology
-
@tosensei I wouldn't call front end validation + back end validation a silly double work. Back end validation is always needed because users can always modify the request and send some horrible shit to us. It even can be done without leaving the browser. But validating it on front end beforehand is good too, to improve performance for our normal/good behaving users.
-
@antigermanist svelte can do jsx cuz it just plugging in a preprocessor in webpack
I made svelte do pugjs once but honestly it's just like being nitpicky. svelte makes html fine to use. though I still do think html should just all convert to pugjs natively because the syntax is just nicer -
@tosensei lol you sound so much like a down's person yelling really loudly about their tightly held opinion lmao
-
@tosensei I do notice, and it pisses me off every time I click save/register and the page doesn't respond only to come back 3 seconds later going wahhhh! And also clearing the password field because I dared to use a space somewhere it didn't like.
What only relying on JavaScript for HTML form input validation looks like
Found something true as 1 == 1
Am I going crazy or is the web dev community on some otherworldly drug?
Now "server-side"-whatever is the coolest thing ever?
To the point where client side validation is not recommended anymore and actively discouraged? Are you kidding me? So, you mean to say after filling a long form with millions of fields, the page will RELOAD when I press submit and after waiting an eternity for your shitty server to respond then and only then will I know what fields are invalid?
GTFO with that bullshit.
How in the world is that good UX/UI?
I've always had this theory that we humans are the dumbest species to ever walk this earth. I mean, serisouly, how is this even a thing?
Imagine if a mobile app had to restart to tell you that your email is invalid in a simple form.
But.. but... but... what if the client has disabled javascript? Then fuck them! Who the fuck cares? What's next? Some dumb user is still using Android 2.1 Eclair and we should make our app support them? Fuck no! Fuck them, they should update.
Newsflash, if Javascript is disabled, then pretty much everything will be broken anyway.
Form validation should be instantenous. This isn't rocket science.
It should happen as the user types so they can see what's valid/invalid in real-time.
This does require effort and consideration, something many devs lack apparently.
This is just ridiculous.
rant
web
javascript
ts
js
webdev