On Mon, Jul 27, 2009 at 6:06 PM, Jörn Zaefferer<joern.zaeffe...@googlemail.com> wrote: > > Having JS sanitize for the backend is somewhat dubious, I'd not go > there, but you probably don't want to discuss that.
I think we're in agreement there, actually. JS provides no security and shouldn't be relied on. Rather I'm looking at a progressive enhancement feature: Server-side validation can reject (for example) any CC Number that isn't 16 digits. User's w/o JS can get the functional basics ("please enter your CC number without hyphens or spaces") The JS front end will accept multiple formats (16 digits, 4 sets of 4 digits with whitespace, etc) and translate them to what the server demands. This is more impressive with string inputs for dates, phone numbers, etc. Typing "8005551212" is easy on the user, and seeing "(800) 555-1212" is better for their visual parsing. > Anyway, a validation method has access to the validate element, so you Ah, this is the essential piece I was missing. I'll code a few tests and report back in a few days. Thanks for the help! -- Brett Ritter / SwiftOne swift...@swiftone.org