24

Through the years I've worked in web development it's been ingrained in me that client-side validation is absolutely and completely necessary in all web applications. Seems to me like all the people in the profession are very adamant on using it every single time. The most commonly mentioned benefits are:

  • Instantaneous showing of form errors
  • Less unnecessary requests to the server

But as we're moving towards the modern web, more and more applications are AJAX based. The simple task of submitting forms takes a lot less time now than it did before and validating on the server and returning errors barely impacts the user experience.

Could it be justifiable to completely avoid client-side validation (for example) on an application that only contains small and simple forms?

EDIT: I would argue that the linked duplicate question doesn't really capture the same example I'm giving here. A lot has changed since 2011. All of the answers on the related question are arguing for user experience whereas in my question I'm describing a scenario where the user experience would be unaffected.

When client-side validation no longer improves the user experience does it continue to rank in the same level of importance as before?

Alternatex
  • 1,031

4 Answers4

64

Server side validation is absolutely necessary. Client side validation is purely a user experience improvement since the same validation should always happen on the server anyway. After all, you can always disable JavaScript or simply post arbitrary data directly via HTTP.

If you can provide server side validation which gives just as smooth a user experience as client side validation, you don't need client side validation.

JacquesB
  • 61,955
  • 21
  • 135
  • 189
26

While I agree with JacquesB, if you can provide the same level of interaction server side, then client side validation isn't always needed - however some other points to consider.

Point A (Speed): Client side validation is intended to be instant, as in 100% instant. While network speeds are improving, you're unlikely to be able to guarantee that this speed will be constant, and for everybody. Client side validation will generally always outperform the latency of a network request.

Point B (Performance): Server side validation, by definition is performed on the server. If you're working on a high traffic application on a budget server then saving additional requests no matter how small can make an impact in overall performance. Especially if we consider Point A where the latency can lead to multiple submission from the user, awaiting feedback.

Point C (Flexibility): Some validation isn't necessarily based on the value of a field, but can be based on the order or mechanism or populating a field. For example if a user copies and paste's into a password or email field, commonly this is nullified by javascript. This level of validation (which I believe this functionality still falls under) couldn't be achieved server side.

When client-side validation no longer improves the user experience does it continue to rank in the same level of importance as before?

While this is a valid question - it's alittle too abstract to answer yet. It's hard to imagine in the next year or so that this will ever become true, and as Point C covers, client side validation is often used to validate the users behaviour, not just values, which again is hard to imagine being managed server side.

Finally, as everybody already knows. Client side validation isn't robust enough to use solely on it's own. So just to reinforce the point, don't rely on client side validation without also checking server side. This includes javascript validation and validation included in the HTML5 spec built into certain input types.

samuelmr
  • 361
  • 2
  • 7
4

Try high-latency connections

While rapidly firing a tiny AJAX request to do some on-demand server side validation may seem just as fast as doing it with client side javascript, having the same user experience, it is only true because you have a comparably good internet connection.

Some of your users will have internet connections that for various reasons are slow, unreliable, high latency or a combination of this. For them, this approach to validation will noticeably worsen the user experience.

It is often a good idea to run at least some usability testing with an artificially worsened network connection (there are tools to simlate that), so that you'd understand and have a chance to fix UX in such situations.

Peteris
  • 1,087
1

It's still a very good idea to do "well-formedness" validation on the client-side...i.e. you expect a number, and encounter an alpha character, or a selection isn't made that renders the submittal moot...and of course, empty fields.

Doing business logic validation client-side is becoming, as the OP ponders, somewhat anachronistic these days, depending on the architecture. If your user interface is pure VIEW, with little or no MODEL or CONTROLLER aspects, then validating business requirements for data client-side is almost moot.

dwoz
  • 411