I'm coding on a website with forms and use HTML5 validation - no rocket science so far. Everything works fine for me in Google Chrome, but I want to get sure that even a IE 6 user with no formvalidation does not insert malformed data into my MYSQL database.
Is there any way to turn off the HTML5 form validation in Google Chrome or some other state-of-the-art browser to test the serverside data validation?
To disable validation in HTML5 use
<form method="post" action="/foo" novalidate>...</form>
Refer this question for more details.I think Junit can also help to test server side validations.
Use parameterized query to gain more security. (If SQL query is formed using user input).
EDIT :
You can set it in About:flags
Steps:
1. On your Google Chrome address bar, type “about:flags” (without the quote) and press Enter.
2.Scroll down the list until you see the option “Disable HTML5 interactive form validation”.
3.Click the enable link.
Check : http://wikibin.org/articles/google-chrome-about-and-chrome-urls.html
EDIT 2 :
Just came to know that About:flags is depreciated use Use chrome://flags instead. Thanks @Max.
This Chrome extension allows you to disable Chrome's built in HTML validation
HTML5 Form validation errors remover
Unfortunately, the accepted answer doesn't work anymore since it was introduced in case the form validation was buggy (see removal requests).
Luckily, there is a chrome extension that does that for us for every page: Auto remove HTML5 form validation .
I'm not the author of this plugin and I cannot guarantee you that it doesn't do anything it isn't supposed to. The source code is very short, though (about 5 lines).
It now requires novalidate="novalidate" as below:
<Form novalidate="novalidate" onSubmit={this.handleSaveFormSubmit}>
Just novalidate no longer works, and Chrome displays "Please fill out this field"
You should absolutely be validating on the server if you are building any SQL strings.
In the client you should be able to fall-back to JavaScript-based validation, but that's no protection. Do it on the server as well.
