blocks|key|3209097|text|不，这是不可能的，原因有很多：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3209098|你的客户的浏览器可能不支持Javascript，或者用户可能已经禁用了它(是的，有些人do).|3209099|Security.一个web应用程序向整个互联网公开了一个|unordered-list-item|offset|length|style|BOLD|3209100|Accessibility.接口。你甚至不需要有一个浏览器来发送HTTP请求！因此，您的后端需要将任何HTTP请求视为不受信任的，并对其进行验证。对于来自不可靠来源的所有数据都是如此。|3209101|3209102|3209103|因此：|3209104|对于任何正确的web应用程序，服务器端验证都是必不可少的。|3209105|客户端验证是一种UI增强，它的存在是为了通过提供更快的反馈来改善用户体验。|3209106|entityMap^0|0|0|0|9|0|0|E|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|X|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|Y|8|@$G|Z|H|10|I|J]]|9|@]|A|$]]|$1|K|3|L|5|F|7|11|8|@$G|12|H|13|I|J]]|9|@]|A|$]]|$1|M|3|-4|5|6|7|14|8|@]|9|@]|A|$]]|$1|N|3|-4|5|6|7|15|8|@]|9|@]|A|$]]|$1|O|3|P|5|6|7|16|8|@]|9|@]|A|$]]|$1|Q|3|R|5|6|7|17|8|@]|9|@]|A|$]]|$1|S|3|T|5|6|7|18|8|@]|9|@]|A|$]]|$1|U|3|-4|5|6|7|19|8|@]|9|@]|A|$]]]|V|$]]

Nay, that's not possible for a number of reasons:

<ul>
<li>Accessibility. Your customer's browser might not support Javascript, or the user might have disabled it (yes, some people do).</li>
<li>Security. A web application exposes an HTTP interface to the whole internet. You don't even need to have a browser to send HTTP request in the first place! Hence, your backend needs to treat any HTTP request as untrusted and validate it. This is true for all data which comes from an untrustable source.</li>
</ul>

Hence:

Server-side validation is a must for any correct web application.

Client-side validation is an UI enhancement which exists to make the user experience better by providing faster feedback.

blocks|key|1484156|text|您可以在默认情况下禁用该按钮，然后让JavaScript重新启用它。然而，这并不能阻止用户自己重新启用它，可能使用跨站点脚本注入，或者更实际地使用FireBug或浏览器默认内置的开发人员工具之一。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1484157|我强烈建议同时使用客户端和服务器端验证，这既是为了用户体验，也是为了系统的完整性和安全性。如果你根本没有时间同时做这两件事，那么服务器端肯定是优先的。验证的客户端是一个很好的东西，旨在使它对用户更好；不幸的是，当涉及到破坏代码时，用户可能不会对您的代码有同样的感觉。|1484158|总是有服务器端的验证。:)|1484159|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

You could disable the button by default, and then have JavaScript re-enable it. This however doesn't stop the user from re-enabling it themselves potentially using a cross-site script injection, or more realistically using something like FireBug or one of the browsers default built in developer tools.

I would strongly recommend having both client and server side validation, both for the user experience, and the integrity and security of your system. If you simply don't have time for both, then server-side definitely takes priority. The client-side of validation is a nicety aimed at making it nicer for the user; sadly users might not feel the same way about your code when it comes to breaking it.

Always have server-side validation. :)

blocks|key|1794648|text|在服务器中检查的原因也是恶意用户可以手动向您的服务器发送手工创建的POST或GET请求，而不管这些表单是否存在于您的应用程序中或在您的浏览器中被禁用。仅禁用表单不足以解决此问题。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1794649|1794650|但是，如果您仍然希望在非JS浏览器中禁用这些表单，那么您可以默认禁用它们，然后在JS上启用它们。|1794651|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|G|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|H|8|@]|9|@]|A|$]]|$1|C|3|D|5|6|7|I|8|@]|9|@]|A|$]]|$1|E|3|-4|5|6|7|J|8|@]|9|@]|A|$]]]|F|$]]

The reason for checking things in the server as well is that a malicious user can send manually crafter POST or GET requests to your server, irrespective if those forms exist in your application or are disabled in your browser. Only disabling the forms would not be enough to solve this issue.

<hr>

If you still want to disable the forms in non JS browsers though, what you could do is disable them by default and enable them on the JS.

blocks|key|1484270|text|你不需要重新发明轮子。有很多工具可以使用JavaScript进行验证。例如，检查jQuery验证插件；您可以用几行代码验证一个表单。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1484271|http://docs.jquery.com/Plugins/Validation|offset|length|1484272|关于服务器端验证，您应该始终对服务器上的数据进行+validations。JavaScript验证旨在防止用户出错，但它们根本不会为您的系统提供任何安全性。|1484273|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|15|0|0|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|P|8|@]|9|@$D|Q|E|R|1|S]]|A|$]]|$1|F|3|G|5|6|7|T|8|@]|9|@]|A|$]]|$1|H|3|-4|5|6|7|U|8|@]|9|@]|A|$]]]|I|$J|$5|K|L|M|A|$N|C]]]]

You don't to reinvent the wheel. There are plenty of tools out there to validate using JavaScript. Check the jQuery validation plugin for instance; You can validate a form with a couple lines of code.

<a href="http://docs.jquery.com/Plugins/Validation" rel="nofollow">http://docs.jquery.com/Plugins/Validation</a> 

With regards to the server side validations, you should always validate your data on the server. JavaScript validations are meant to prevent user mistakes but they don't offer any security to your system at all.

I am trying to create a validated registration form for my website and am currently coding up a demo of it for practice. I was able to validate the form using javascript. However, I read somewhere that forms should be validated both client and server side because JS can be disabled. I was wondering if there is a way to simply disable the submit button if all javascript validations aren't satisfied (I noticed that eBay uses a similar method with their registration forms) and if so, how would I go about accomplishing this?

This is where I am at so far:

<pre><code>&lt;script type="text/javascript"&gt;
function validateEmail(email) { 

 var re = /^(([^&lt;&gt;()[\]\\.,;:\s@\"]+(\.[^&lt;&gt;()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;

 if(re.test(email)) {
 document.getElementById('result').innerHTML = '&lt;img src="http://iconlet.com/icons/kensaunders/4/CheckMark.png" style="width:15px;"/&gt; Valid';
 } else {
 document.getElementById('result').innerHTML = '&lt;img src="http://biglistbigsales.com/m/templates/GPT/images/x_xMarkRed4.png" style="width:15px;"/&gt; Invalid';
 }
} 
function validatePass(pass){
 if(pass.length &lt; 6){
 document.getElementById('pass-result').innerHTML='&lt;img src="http://biglistbigsales.com/m/templates/GPT/images/x_xMarkRed4.png" style="width:15px;"/&gt;Your password must be at least 6 characters';
 }else{
 document.getElementById('pass-result').innerHTML='&lt;img src="http://iconlet.com/icons/kensaunders/4/CheckMark.png" style="width:15px;"/&gt;valid';
 }
}
function validateCPass(cpass){
 var pass = document.getElementById('pass').value;

 if(cpass != pass){
 document.getElementById('cpass-result').innerHTML="Passwords must match";
 }else{
 document.getElementById('cpass-result').innerHTML='&lt;img src="http://iconlet.com/icons/kensaunders/4/CheckMark.png" style="width:15px;"/&gt;';
 } 
}
&lt;/script&gt;
&lt;/head&gt;
&lt;body&gt;
 &lt;form action="practice.php" method="post"&gt;
 e-mail:&lt;br/&gt;&lt;input id="email" type="text" onblur="validateEmail(this.value)" /&gt;&lt;span id="result"&gt;&lt;/span&gt;
 &lt;br/&gt;&lt;br/&gt;Password:&lt;br/&gt;&lt;input type="password" id="pass" onblur="validatePass(this.value)"&gt;&lt;span id="pass-result"&gt; &lt;/span&gt;
 &lt;br/&gt;&lt;br/&gt;Confirm Password:&lt;br/&gt;&lt;input type="password" id="confpass" onblur="validateCPass(this.value)"&gt; &lt;span id="cpass-result"&gt;&lt;/span&gt;
 &lt;br/&gt;&lt;input type="submit"&gt;
 &lt;/form&gt;
&lt;/body&gt;
</code></pre>

Validating forms using javascript only and preventing users from submitting JS disabled forms?

33 天实现自己的 AI 进化论？发文瓜分机械键盘、耳机等万元奖池！点击参加活动：<a href="https://cloud.tencent.com/developer/article/2503022" target="_blank">https://cloud.tencent.com/developer/article/2503022</a> 
 <img src="https://qcloudimg.tencent-cloud.cn/raw/01543e0407db10898a7ee9f420794432.jpg"/>

技术创作特训营有奖征文

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋 

腾讯云AI代码助手

CODING DevOps

Cloud Studio

SDK中心

API中心

命令行工具

文章&问答评论现已支持表情

我正在尝试为我的网站创建一个有效的注册表，目前正在编码它的一个演示实践。我可以使用javascript验证表单。但是，我在某处读到表单应该在客户端和服务器端都进行验证，因为JS可以被禁用。我想知道，如果所有的javascript验证都不满意(我注意到eBay在他们的注册表中使用了类似的方法)，是否有一种方法可以简单地禁用提交按钮，如果是这样的话，我该如何实现呢？这就是我到目前为止所处的位置：<sc

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐