locked
does textbox.maxlength also protect it on server side? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User2110873642 posted

    when i set a textbox.maxlength, is this a pure clientside feature? or does my server also validate the input for security?

    do i really need additional checks in my code that text.length <= than textbox.length?

    Friday, February 15, 2019 11:27 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User753101303 posted

    Hi,

    Yes maxlength is an HTML attribute used client side by the browser. One could use F12 to remove/alter this maxlength before posting a form.

    If starting with Web Forms you could have a look at https://docs.microsoft.com/en-us/aspnet/web-forms/overview/presenting-and-managing-data/model-binding/retrieving-data which is quite new (and not easily discoverable in alternate approach which are much older) and closer to MVC etc... 

    In short the idea would be to define that one time on the server side so that it is checked. The UI will use the same information to do the client side check (and so it is checked on both the client and server side without extra work).

    Friday, February 15, 2019 11:48 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User475983607 posted

    when i set a textbox.maxlength, is this a pure clientside feature?

    Yes

    or does my server also validate the input for security?

    No

    do i really need additional checks in my code that text.length <= than textbox.length?

    Client side validation is for the user's experience.  Server validation is for security.

    Friday, February 15, 2019 11:51 AM