Validation of user input must occur server-side.
Benefits of conformance
- Increased security:
- Increased protection of systems and data
- Increased reliability of data validation
- Increased data integrity
- Increased customer satisfaction and experience for all users.
Risks of non-conformance
- Reduced data security
- Reduced data integrity and reliability.
Form validation is to take place on the server regardless of any client-side capacity. Client-side validation can be easily bypassed and some users may not have client-side script available or enabled in their browser.
Client-side validation can be used to supplement server-side validation. Use of client-side validation is encouraged as it can result in more timely feedback to users and a more responsive user experience. It is important to ensure that any client-side validation algorithms are consistent with the definitive server-side validation algorithms.
It should also be noted that modal presentation of error messages is strongly discouraged as they are likely to break the user’s train of thought and offer limited opportunity for the user to review the error messages while trying to address them.