javascript - To what extend should I rely on client-side validation?

Question

I have a lengthy form which heavily uses client-side validation (written in jQuery). To prevent users with disabled JavaScript submitting the form, I have included a hidden field which is populated with "javascript_enabled" value by jQuery. If JS is disabled in the browser, then the filed is left blank and the form will not be submitted.

The question is - is this enough and I should feel safe, or do I have to include a server side validation for every field too?

Answer 1

No. Client side validation is only here for the comfort of the user, not to protect your server.

All client side actions are easy for the user to change.

To protect your server you MUST add server side validation.