Use javascript minimalistically, and work under these general rules:
1. Javascript can be disabled, added to, or even edited. What you give the browser is little more than a suggestion of what it should run.
2. Always work under the assumption that the data javascript gives you is forged.
3. Always (ALWAYS) validate your input with a server side language like PHP that can not be edited by the client.
|