2

I just want to clear some things up about ASP.NET MVC and HTML5 validation. I disabled all jQuery validation on my project so I could use only HTML5 validation as it looks and feels much better than jQuery one.

The thing is, HTML 5 validation does not seem to react on MVC annotations inside C# models. (eg. [Required] or [Compare("Password"])) it does react on real html attributes to elements (eg. new { required = "required" }).

So HTML 5 validation works on JavaScript, right? Wouldn't this be vulnerable since one can disable browsers JavaScript and bypass the validation?

Also is it possible to find where these HTML 5 validation scripts are so I can alter them or add new ones (since I didn't find any for live password confirmation) or should I only write new <script></script> in my View?

Any information on this would be helpful, thank you.

Improve this question
1
  • 1
    Any front-end validation (HTML5 or JS) is meant for a better end user experience as it depends on the browser and client side. So it should ALWAYS be checked and validated on the server side! Commented Oct 29, 2017 at 13:32

2 Answers 2

Reset to default
1

The benefit of using MVC validation is that it runs at client and server side. If you disable client validation then you still can check ModelState.IsValid in your action method. This is a must for preventing inserting garbage in the database when internet browser has JavaScript disabled but also to protect the data against malicious attack.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Yeah I do have Model.IsValid in all of my controllers but is this really enough?
Validation at server is what really protects you against attack. Client side validation cannot guarantee in all cases. Client side validation is there for improving user experience.
0

It may "look and feel" nicer to use only HTML5 validation, but you're really missing out on what is being done for you out-of-the-box. Other developers may be used to working with ASP.NET MVC-style validation, and you'll want good reasons to give them when they ask you "why don't you just use the HTML helpers and jQueryValidate?"

The MVC framework - in combination with jQueryValidate in a typical project - solves what is normally a challenge for web developers; maintaining validation rules that work consistently on the server AND the client.

It's not perfect, but if you follow an MVC validation tutorial from start to finish (or read the validation chapter from an MVC book), you'll begin to appreciate the power and flexibility of the out-of-the box solution.

It's also easier for other developers to understand how your validation code works, by adhering to the tools provided by the framework, you're less likely to go wrong. Naturally, technology - especially web techonology - is in a state of constant change, and so much depends on context.

Improve this answer

2 Comments

So the jQuery takes care of client AND server side? That sounds nice. I could do some jQuery and make jQuery validation look similar to HTML5 one.
No, the HTML helpers (which you should be using to create form fields) on Razor pages generate HTML with validation that is based on the annotations of your model, which jQuery validate should automatically hook up on the clientside.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.