What only relying on JavaScript for HTML form input validation looks like

  • 20
    Best way to describe it that I've seen!
  • 18
    I truly wish I could up-vote this more than once. It deserves it
  • 5
    I was about to upload the same image, this is the best explanation of js validation
  • 80
    I actually had a real use case to exploit this. My family was booking their Disney cruise. My Grandma signed up super early and selected her boarding time at 11:00pm. By the time we got around to signing up, everything before 2:00 was booked. So I enabled the checkbox of the time I wanted, selected it, and it let me continue on my merry way. Tickets that printed out had the time I wanted that was supposed to be disabled. Did the same thing for the rest of my family. That's what you get for not putting in server side validation. Turns out people just showed up whenever they wanted anyway.
  • 1
  • 5
    I was the 666th upvote..
  • 7
    @tytho Happened to me too, except it was for a university exam sign-up. After the sign-up deadline had expired all they did was disable the "Send" button. LOL.
  • 8
    *Dials 119*
  • 2
    @Kaji * dials 919191999191919191919191 *
  • 0
    If it works, why not!
  • 2
    What about the new Emergency service number for nicer ambulances, faster response times and better looking drivers?
  • 2
    @Fathewa It doesn't work :') You always need server side validation, otherwise people can submit whatever they want, either by manipulating the JavaScript on their machine, or just submitting their own HTTP requests. It's a pretty easy exploit
  • 3
    This is the exact thing my university's website did. I order as many pizzas as I want from self service while the limit is 1 :D
  • 1
    Fucking crazy! xD, human inventiveness always surprises me...
  • 0
  • 1
    Actually, the user could dial "1191" or some other combination too. But the point remains nonetheless, and those numbers would not be useful anyway. Brilliant analogy.
  • 2
    More like:

    What relying on js for anything would look like (if only js wasn't the only available thing to do webdev today)
  • 0
    Tickets that printed out had the time I wanted that was supposed to be disabled.
  • 0
  • -1
    that's funny
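
The server-side check the thread keeps coming back to, as an added example that is not part of the original thread or any site mentioned in it. It re-applies on the server the three rules the comments describe as enforced only in the browser (a greyed-out time slot, an expired sign-up deadline, a quantity limit); `SLOTS`, `SIGNUP_DEADLINE`, `MAX_QTY` and the form field names are hypothetical, and the data is constructed.

```javascript
"use strict";
// Added illustration: every name and value below is hypothetical/constructed.
const SLOTS = {
  "11:00": { capacity: 2, booked: 2 }, // full: the page greys this option out
  "14:00": { capacity: 2, booked: 0 },
};
const SIGNUP_DEADLINE = Date.parse("2024-05-01T00:00:00Z");
const MAX_QTY = 1;

// Re-check each rule against server state. The submitted form is untrusted:
// a disabled checkbox or button in the browser constrains nothing here.
function validateSubmission(form, now = Date.now()) {
  const errors = [];

  // Deadline: compared with the server clock, not with button state.
  if (now > SIGNUP_DEADLINE) errors.push("sign-up closed");

  // Slot: must be a string naming one of our own slots (own-property lookup,
  // so "__proto__" and friends are rejected) and must still have room.
  const known = typeof form.slot === "string" &&
    Object.prototype.hasOwnProperty.call(SLOTS, form.slot);
  if (!known) errors.push("unknown slot");
  else if (SLOTS[form.slot].booked >= SLOTS[form.slot].capacity) errors.push("slot full");

  // Quantity: strict digits-only parse, then the same limit the UI shows.
  const qty = typeof form.quantity === "string" && /^[0-9]{1,3}$/.test(form.quantity)
    ? Number(form.quantity) : NaN;
  if (!(qty >= 1 && qty <= MAX_QTY)) errors.push("quantity out of range");

  return { ok: errors.length === 0, errors };
}

// Validate and reserve in one step so a slot cannot be overbooked
// between the check and the update (single-threaded in-memory state here).
function book(form, now = Date.now()) {
  const result = validateSubmission(form, now);
  if (result.ok) SLOTS[form.slot].booked += 1;
  return result;
}
```

With a real datastore the check and the increment in `book` would need to happen in one transaction or conditional update.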