Comments
-
I was about to upload the same image, this is the best explanation of js validation
-
tytho 2314 8y
I actually had a real use case to exploit this. My family was booking their Disney cruise. My Grandma signed up super early and selected her boarding time at 11:00pm. By the time we got around to signing up, everything before 2:00 was booked. So I enabled the checkbox of the time I wanted, selected it, and it let me continue on my merry way. Tickets that printed out had the time I wanted that was supposed to be disabled. Did the same thing for the rest of my family. That's what you get for not putting in server side validation. Turns out people just showed up whenever they wanted anyway.
-
@tytho Happened to me too, except it was for a university exam sign-up. After the sign-up deadline had expired all they did was disable the "Send" button. LOL.
-
What about the new Emergency service number for nicer ambulances, faster response times and better looking drivers?
-
@Fathewa It doesn't work :') You always need server side validation, otherwise people can submit whatever they want, either by manipulating the JavaScript on their machine, or just submitting their own HTTP requests. It's a pretty easy exploit.
-
yakooza 235 5y
This is the exact thing my university's website did. I order as many pizzas as I want from self service while the limit is 1 :D
-
exerceo 1194 2y
Actually, the user could dial "1191" or some other combination too. But the point remains nonetheless, and those numbers would not be useful anyway. Brilliant analogy.
-
More like:
What relying on js for anything would look like (if only js wasn't the only available thing to do webdev today)
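The server-side checks the comments above say were missing, as an added example that is not from any commenter or from the sites they mention: the handler re-validates the slot, the deadline and the quantity no matter what the browser UI allowed. The slot table, deadline, limit and function names are all constructed for illustration.

```javascript
// Added example: every rule the form UI enforces is enforced again here.
// SLOTS, SIGNUP_DEADLINE and MAX_QUANTITY are constructed sample data.
const SLOTS = {                        // authoritative state lives on the server
  "11:00": { capacity: 2, booked: 2 }, // full: the UI would grey this option out
  "14:00": { capacity: 2, booked: 0 },
};
const SIGNUP_DEADLINE = Date.parse("2024-06-01T00:00:00Z");
const MAX_QUANTITY = 1;

// The request body is untrusted input: a disabled checkbox or a disabled
// "Send" button in the page changes nothing about what can arrive here.
function validateBooking(body, now) {
  if (body === null || typeof body !== "object") return ["malformed body"];
  const errors = [];
  // Own-property lookup only, so keys like "__proto__" are not treated as slots.
  const known = typeof body.slot === "string" &&
    Object.prototype.hasOwnProperty.call(SLOTS, body.slot);
  if (!known) errors.push("unknown slot");
  else if (SLOTS[body.slot].booked >= SLOTS[body.slot].capacity) errors.push("slot full");
  if (now > SIGNUP_DEADLINE) errors.push("sign-up closed");
  if (!Number.isInteger(body.quantity) || body.quantity < 1 ||
      body.quantity > MAX_QUANTITY) errors.push("quantity out of range");
  return errors;
}

// State is changed only after validation passes. With a real database the
// capacity check and the write would have to be one transaction.
function handleBooking(body, now = Date.now()) {
  const errors = validateBooking(body, now);
  if (errors.length > 0) return { status: 422, errors };
  SLOTS[body.slot].booked += body.quantity;
  return { status: 201, errors: [] };
}
```

Client-side checks can stay for usability; the response from `handleBooking` is what decides whether the booking exists.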
Related Rants
What only relying on JavaScript for HTML form input validation looks like