We (as new hires) had to add a fallback logic for input validation on every input element using only JSP and Spring controllers just because the client still uses IE6 and fucking disables Javascript!!

Input validation should always be performed server-si​de! You can have it client-side as well to provide instant feedback without reloading, but user input cannot ever be trusted without validation and sanitization on the server.

@andrebreda +1

No problem right ? You need the server side validation anyways.

@g-m-f Not if you supply proper validation measages that clearly indicate whats wrong.

@g-m-f Of course. Instant feedback is good design!