E-mail List Archives
Thread: Opinions please
Number of posts in this thread: 3 (In chronological order)
From: John Foliot - bytown internet
Date: Fri, Jul 12 2002 9:25AM
Subject: Opinions please
No previous message | Next message →
Please excuse the cross posting to those who receive this twice.
I have a client who wishes to use JavaScript in a form for form verification
prior to submit - it is important that all fields be filled out. I have
advised that all "Mission Critical" scripting MUST be server-side to ensure
universal accessibility. Their concern however is on server load - the form
is part of a huge enterprise with potentially hundreds of thousands of
"hits" daily. The question was then posed - could they use JavaScript as
the primary means of form verification, with a server side redundant back-up
for user agents which do not support client side scripting?
My first instinct is to say probably yes, citing the W3C WCAG Guideline
11.4: "If, after best efforts, you cannot create an accessible page, provide
a link to an alternative page that uses W3C technologies, is accessible, has
equivalent information (or functionality), and is updated as often as the
inaccessible (original) page." - the redundant server-side backup delivers
the equivelant functionality.
Does anybody see any holes here? Not being a server guy, I'm not sure how
they could actually accomplish this (how would the server-side checker know
when _not_ to check without first running?), but assuming they could
accomplish this, would it pass muster in terms of accessibility?
Please and Thanks
JF
---
To subscribe, unsubscribe, or view list archives,
visit http://www.webaim.org/discussion/
----
To subscribe, unsubscribe, or view list archives,
visit http://www.webaim.org/discussion/
From: Jared Smith
Date: Fri, Jul 12 2002 10:03AM
Subject: Re: Opinions please
← Previous message | Next message →
John-
I agree that you COULD use JavaScript for client side verification and
if the client doesn't have JavaScript, then have the server perform
the verification. This can be done by using JavaScript. If the user
has JavaScript, you can redirect the form to a non-validating server
script. If the user doesn't have JavaScript, the form goes to the
validating script as defined in the FORM tag. You can get ideas on how
to do this at http://developer.irt.org/script/form.htm#7.2 (IRT.org is
THE JavaScript resource).
You must ensure that the form is fully accessible with AND without
JavaScript enabled. Most screen readers will have JavaScript turned
on.
Jared Smith
WebAIM.org
***************
On Friday, July 12, 2002 you sent:
JFbi> Please excuse the cross posting to those who receive this twice.
JFbi> I have a client who wishes to use JavaScript in a form for form verification
JFbi> prior to submit - it is important that all fields be filled out. I have
JFbi> advised that all "Mission Critical" scripting MUST be server-side to ensure
JFbi> universal accessibility. Their concern however is on server load - the form
JFbi> is part of a huge enterprise with potentially hundreds of thousands of
JFbi> "hits" daily. The question was then posed - could they use JavaScript as
JFbi> the primary means of form verification, with a server side redundant back-up
JFbi> for user agents which do not support client side scripting?
JFbi> My first instinct is to say probably yes, citing the W3C WCAG Guideline
JFbi> 11.4: "If, after best efforts, you cannot create an accessible page, provide
JFbi> a link to an alternative page that uses W3C technologies, is accessible, has
JFbi> equivalent information (or functionality), and is updated as often as the
JFbi> inaccessible (original) page." - the redundant server-side backup delivers
JFbi> the equivelant functionality.
JFbi> Does anybody see any holes here? Not being a server guy, I'm not sure how
JFbi> they could actually accomplish this (how would the server-side checker know
JFbi> when _not_ to check without first running?), but assuming they could
JFbi> accomplish this, would it pass muster in terms of accessibility?
JFbi> Please and Thanks
JFbi> JF
----
To subscribe, unsubscribe, or view list archives,
visit http://www.webaim.org/discussion/
From: Kynn Bartlett
Date: Fri, Jul 12 2002 10:07AM
Subject: Re: Opinions please
← Previous message | No next message
At 12:14 PM -0400 7/12/02, John Foliot - bytown internet wrote:
>Their concern however is on server load - the form
>is part of a huge enterprise with potentially hundreds of thousands of
>"hits" daily. The question was then posed - could they use JavaScript as
>the primary means of form verification, with a server side redundant back-up
>for user agents which do not support client side scripting?
Yes, that's fine.
Note that for matters of pure security they will want to do server-side
checking ANYWAY because anyone can download a JavaScript and spoof a
valid response, thereby allowing non-validated data to be entered directly
into a system which does not do server-side verification. Please point
out to them that such a situation is a potential security hole.
--Kynn
--
Kynn Bartlett < = EMAIL ADDRESS REMOVED = > http://kynn.com
Chief Technologist, Idyll Mountain http://idyllmtn.com
Next Book: Teach Yourself CSS in 24 http://cssin24hours.com
Kynn on Web Accessibility ->> http://kynn.com/+sitepoint
---
To subscribe, unsubscribe, or view list archives,
visit http://www.webaim.org/discussion/
----
To subscribe, unsubscribe, or view list archives,
visit http://www.webaim.org/discussion/