Is JavaScript validation bad?

Is JavaScript validation worth of it?

Yes, as it provides a better user experience and preserves bandwidth.

Should we ever use it now?

Yes, for the aforementioned reasons.

Are there any solutions to this?

Yes, use server-side validation as well.


What if the user (or probably a bad guy) disables javascript?

As said before: Simply do not rely on the client. Never do so. Check everything on the server again.

Should we ever use it now?

Yes - so the user immediately sees what's wrong. Otherwise he had to post back the data first which may take a while. By the way you reduce traffic to your server.

It's simply more inuitive.

//EDIT: BTW: The ASP.NET ValidationRules contain both client-side and server validation as far as I know.


Javascript validation is good because it provides a better user experience.

You should however never rely on it and should validate on the server regardless.


If you're looking to save time, go with server-side only. If you want better performance and user experience, add client-side validation afterward. Never rely on client-side validation, for the reasons you state. All critical validation should occur on the server ... even if duplicated on the client.


JavaScript improves user interaction for your product or service. Users interaction (user input and machine response or vice versa) is a vital characteristic of our applications. As we all experienced, products are getting more interactive ever than before. And this interaction part can (only) be crafted in JavaScript (ActionScript for Flash Player). We would all agree with this - there is always a calculated amount of work that can be transited to the client side (machine) to avoid calls without bothering them to send to the server(s). There are many many applications which are heavily dependent on client-script scripting. And if they found you do not allow required scripting they asked for it leaving a message in noscript tag. But I think everyone wants to have it enabled as we all fire up a tab with Gmail, Facebook, etc.

However, this still should not be ignored as we are keen to grap every single opportunity (audience/customer) and work with is at least better than falling apart. It still works!

As a Microsoft Development Platform user, there is a convenient solution on .NET platform. That don't require dual effort on such issues. Make use of your client-side validation while scripting is disabled by using Page.Validate() and Page.IsValid.

protected void Page_Load(object sender, EventArgs e)
{
    if (Page.IsPostBack) {
        Page.Validate(); // If you missed, then you got the second chance ...
    }
}

protected void btnSubmit_Click(object sender, EventArgs e)
{
    if (Page.IsValid) { // Confirm you do a proper validation before moving to perform any process
        Response.Write("Done!");
    }
}

I hope this will help.