The JS verification of the bypass front end usually has the following methods:
Method One: Save the page to your machine, then remove the script check, and finally run the page on your machine.
Method Two: The same way as the method, just the introduction of JS to delete the statement, or the introduction of the JS suffix name replaced by any name, OK
Method Three: In the browser address bar directly enter the request URL and parameters, send a GET request, you can
Method Four: In the browser settings, set the Disable script
How do I verify if the client has JavaScript disabled?
The service side must be verified, this is the last line of defense, not sloppy. For example: If the server does not verify, then completely in any connection to the Internet to rewrite a non-JS verification of the form, and then submitted to your site program, the consequences can be imagined, almost free access.
The client's JS verification of its essence is to enhance the user experience, you can let users know in advance the right to fill in the data, or wait until a submission, and then return an error, the original filled all emptied, then the crazy.
According to the principle of graceful degradation of JavaScript, the page should be disabled in the case of JS can still be used normally. Although the user experience may be poor, some effects, but the basic functions are still achievable, so, do not rely too much on JS, the service side of the verification has to be verified.
Write server program, give you a reminder: Do not trust any client data, JS is only a secondary verification, is to reduce unnecessary submissions, such as the submission of large piles of data in the past, found that there is a data is not legal, so it is not a waste of server resources? But the server side is the need for these authentication, Because the submitter may not be a browser, that is, some analog send tool.
How to skip front-end javascript validation