Thursday, June 9, 2011
Issues with Client-Side Validation
Client-side validation is easily bypassed. For example, a malicious user can switch off the client-side script routines by disabling JavaScript. Users can also construct their own form posts using custom HTML, or use an HTTP proxy to modify form posts. Relying on client-side validation can lead to code injection vulnerabilities (such as cross-site scripting or SQL injection). If you use client-side validation to enforce application logic, such as the cost of items in an online store, that logic can be circumvented, resulting in vulnerabilities ranging from application defacement to theft of merchandise or money.
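The online-store case above, as an added example that is not from the original post: a server-side handler that trusts the submitted price next to one that re-validates every field and looks the price up itself. The catalogue, field names (sku, qty, price) and quantity limit are assumptions made for illustration.

```javascript
// Server-side catalogue: the only trusted source of prices (constructed sample data).
const CATALOGUE = new Map([
  ["sku-100", { name: "USB cable", priceCents: 499 }],
  ["sku-200", { name: "Keyboard", priceCents: 3499 }],
]);
const MAX_QTY = 20; // assumed business limit

// Weak pattern: the total is computed from the price field the browser sent back,
// so it is only as correct as the client chooses to make it.
function totalTrustingClient(body) {
  const form = new URLSearchParams(body);
  return Math.round(Number(form.get("price")) * 100) * Number(form.get("qty"));
}

// Corrected pattern: every field is validated again on the server, and the
// client-supplied price is ignored in favour of the catalogue lookup.
function totalValidated(body) {
  const form = new URLSearchParams(body);
  const item = CATALOGUE.get(form.get("sku") ?? "");
  if (!item) return { ok: false, error: "unknown item" };
  const qtyText = form.get("qty") ?? "";
  // Allow-list the format first: digits only, so signs, decimals and exponents are rejected.
  if (!/^[0-9]{1,3}$/.test(qtyText)) return { ok: false, error: "invalid quantity" };
  const qty = Number(qtyText);
  if (qty < 1 || qty > MAX_QTY) return { ok: false, error: "quantity out of range" };
  return { ok: true, totalCents: item.priceCents * qty };
}

// Constructed form posts: one as the shop's own form would send it, two altered
// after the browser-side checks had already run.
const honestPost = "sku=sku-200&qty=2&price=34.99";
const alteredPricePost = "sku=sku-200&qty=2&price=0.01";
const negativeQtyPost = "sku=sku-200&qty=-5&price=34.99";

for (const post of [honestPost, alteredPricePost, negativeQtyPost]) {
  console.log(post, "| trusting:", totalTrustingClient(post),
              "| validated:", JSON.stringify(totalValidated(post)));
}
```

Client-side checks can stay for usability, but the server's result must not depend on them.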