HTML.form.guide

Best Practices

How to validate an email address using JavaScript

Validating email address using regular expressions is tricky and is often not recommended. The reason is simple. A valid email address as defined by RFC 2822 can be quite complex. A valid email is of the format: name@domain The name can be a set of ‘atoms’ separated by dots. In its simplest form like this: john.doe@domain now, the atoms can contain alpha-numeric characters Any of these characters ! $ & * - = \^ ` | ~ # % ‘ + / ?

Continue Reading →

A Definitive Guide to Sensible Form Validations

Here is one of form validation error messages that made me laugh aloud : “invalid last name. Please enter a valid last name”. The form (or the souls that coded that form) decided my last name is bad and imagine, they want me to build a valid last name too! Bad, uninformed form validations can turn people away from your web form. Often it means lost sales or opportunities. Web forms are communication channels through which your users reach you.

Continue Reading →

What is CSRF (Cross-Site Request Forgery)?

Cross-Site Request Forgery (CSRF) also known as session riding or one-click attack is a security attack that executes unwanted actions on a web application on behalf of a logged-in user. To understand this, take this scenario: suppose there is a user logged-in to their account (perhaps on a social media application). To track user sessions, the application stores cookies in user's browsers. When a user gets authenticated, a cookie is saved on their browser and on subsequent calls that they make to the application, the cookie gets sent with the request.

Continue Reading →