There are usually the following methods to bypass front-end JS validation:
Method 1: Save the page on your own machine, then remove the place where the script is checked, and finally run the page on your own machine.
Method 2: This method is similar to method 1, except that the statement that introduces js is deleted, or the js suffix name that is introduced is replaced with any name, it is OK
Method 3: Enter the request URL and parameters directly in the browser address bar, send a get request, and that’s it
Method 4: In the browser settings, set Disable scripting
How to validate if javascript is disabled on client side?
The server must be authenticated. This is the last line of defense and must not be sloppy. For example: if the server does not verify, then you can rewrite a form without JS verification anywhere connected to the Internet, and then submit it to the program of your website, the consequences can be imagined, almost free access.
The essence of client-side JS verification is to improve the user experience, allowing users to know the right and wrong of filling in the information in advance.
According to the principle of graceful degradation of Javascript , the page can still be used normally even when JS is disabled. Although the user experience may be poor and some effects are missing, the basic functions can still be achieved. Therefore, don't rely too much on JS, and the server should verify it.
Write a server program to give you a reminder: don't trust any client data, JS is just an auxiliary verification, to reduce unnecessary submissions, such as submitting a lot of data in the past, and finding that one data is illegal, isn't this a waste of server resources? ? But on the server side, these verifications are indispensable, because the submitter may not be a browser, that is, some simulated sending tool.