[nycphp-talk] "The Web is broken and it's all your fault."
Bill Kamm
wkamm at rvyriptide.org
Wed Sep 20 09:06:11 EDT 2006
And not everybody jumps on a new version of a browser when it comes
out. There are still millions of people using obsolete browsers.
Keith Casey wrote:
>On 9/20/06, Kenneth Downs <ken at secdat.com> wrote:
>
>
>> There are also some validations the browser cannot easily do. Lookup
>>validations are particularly bad, but format validations like checking for
>>an "@" in an email are much easier.
>>
>>
>
>Ah... but *this* is my concern. Let's say all the browser devs get
>together and agree to do this. Great, everyone wins, right? No.
>
>* An error or implementation variation in *any* of them once again
>makes our life more difficult... anyone want to go back to the days
>of IE 5?
>
>* There are a multitude of browsers besides the ones you see in your
>server logs. Many phones have custom proprietary browsers, so we have
>Motorola, Microsoft, Mozilla, Verizon, and Samsung all agree to
>something which will increase their workloads.
>
>* Since a browser can be completely bypassed (wget, fsockopen, etc),
>we still have to do it on the backend so it saves us zero work.
>
>But here's the danger... how long would it take for a PHB, newbie, or
>lazy developer to say "why are we validating data on the server? My
>browser does it just fine." And in one fell swoop, we're back to
>where we are now... or maybe in an even worse place.
>
>Having a validation layer on the browser (js, whatever) is useful, but
>it's not something to depend on for anything...
>
>
>
More information about the talk
mailing list