On 14.01.18 18:21, Keith Moore wrote: > > I would characterize it as both best practice and a minority view. We > should never assume that best practice is synonymous with widespread > practice, especially where security is concerned. Ok, I'll say publicly what I've said privately: JS serves a purpose. Most forms require some amount of application-level knowledge to provide the user a good experience, for instance. Cramming all of that onto the server means delay and less interactivity, which users hate. Now I would agree with anyone who said that JS represents a kitchen sink approach, but passing some of the processing to the browser somehow is to me appropriate. And remember, this isn't the first attempt at this. We started with Java. Want to talk about pain? Eliot
Attachment:
signature.asc
Description: OpenPGP digital signature