+1 on this. I am no l33t h4x0r (by any stretch of the imagination), but even I know I can easily circumvent client-side validation for nefarious purposes in at least the following ways: 1. save the form onto my drive, remove all js and submit the form to your server url with pretty much any data I like in it 2. switch off javascript and mash that submit button
Web apps should be built to work first without JS, and then the js behaviour should be layered over the top: http://domscripting.com/blog/display/41 :) Paul ******************************************************************* List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm Help: [EMAIL PROTECTED] *******************************************************************