Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Frontend form validation is not for security, it's for user experience. Backend validation is for security.


A lot of form validation can cause anything from bad user experience to making the whole service unusable. Phone numbers outside North America are not fixed length. Addresses come in many formats. The list is endless.

We live in a global world. There is probably not a single site that can be sure to have only "local" users. Ask anyone who moved from one country to another or just tried to plan a bit more exotic holiday trip.


But there are sites that explivitely ask for a "local" phone number. Maybe their automated sms system can't send to foreign numbers ? I' pretty sure that's how banks in the us operate Anyway in that case, the front-end should definitely catch it before the backend throws a fit




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: