WHATWG calls for 'Last' Comments on Web Forms

hixie writes " The W3C recently acknowledged a version of the Web Forms 2.0 draft submitted to the W3C by Mozilla and Opera. Meanwhile the WHATWG has updated the Web Forms draft and released a new call for comments. Send them in!"

Re:Input validation schemes

[Nasarius]

Maybe I'm being paranoid, but can anyone else see lazy PHP coders relying on this, and forgetting to do proper server-side input checking?

No need to pick on the PHP coders -- you can just as easily write unchecked Perl, ASP, Python, etc -- but yes, some of the biggest website vulnerabilities are caused by relying too much on JavaScript to validate input.

I mean, essentially you're just having to check everything twice... what was wrong with returning a page informing the user of his or her mistakes, exactly?

It's a little faster for the user (instant feedback on any mistakes), and it saves a tiny bit of server resources. And it should replace all the JavaScript hacks with one standard interface.