<body>
<script type="text/javascript">
function clientValidation()
{
//Call an invalid function to cause exception
//var i=WTF();
if (document.getElementById("confirm").value!="SURE")
{
alert("Are you 'SURE'?");
return false;
}
}
</script>
<form id="form1" runat="server"
onsubmit="return clientValidation();">
<div>
Please type 'SURE': <input type="text" id="confirm" name="confirm" size="4" />
<asp:Button ID="Button1" runat="server"
Text="GO" onclick="Button1_Click" />
</div>
</form>
<script type="text/C#" runat="server">
protected void Button1_Click(object sender, EventArgs e)
{
Response.Write("Touch Donw!!!");
Response.End();
}
</script>
</body>
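This page contains a piece of JavaScript that checks whether the user has typed "SURE" into the INPUT, and blocks the submit if not. In general this check works, but there are several situations in which it fails: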
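Conclusion: if a page carries any truly important validation or check, never rely on client-side scripting alone. Front-end checks can give immediate feedback and cut unnecessary round-trips, but the real battleground of attack and defense is still on the server side...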
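One way to enforce the same check on the server, as an added example that is not code from the original post. The class name `ConfirmPage` and the helper `IsConfirmed` are hypothetical, and the handler is written as code-behind instead of the page's inline script block:

```csharp
// Added example (not from the original page): re-check the "confirm" field
// on the server inside the page's Button1_Click handler.
using System;
using System.Web.UI;

public partial class ConfirmPage : Page   // hypothetical class name
{
    // Same token the client script looks for; the server copy is the one that counts.
    private const string ExpectedToken = "SURE";

    // Hypothetical helper: pure check on the posted value.
    private static bool IsConfirmed(string posted)
    {
        // Request.Form[...] yields null when the field is absent from the POST,
        // and string.Equals handles null without throwing.
        return string.Equals(posted, ExpectedToken, StringComparison.Ordinal);
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // The plain <input name="confirm"> is not a server control,
        // so read the raw posted value by its name.
        string posted = Request.Form["confirm"];

        if (!IsConfirmed(posted))
        {
            // The client-side check was skipped, threw an exception, or was
            // bypassed: refuse the action instead of trusting the browser.
            Response.StatusCode = 400;
            Response.Write("Confirmation missing or incorrect.");
            Response.End();
            return;
        }

        // Only reached when the server itself has seen the expected value.
        Response.Write("Touch Donw!!!");
        Response.End();
    }
}
```

With this in place the JavaScript check remains a convenience for the user, and a request that arrives without it gets a 400 response instead of the protected output.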