1👍
Ask yourself why you needed that readonly value in the first place. Presumably, it was your code that generated it, when the user first requested the form. So, what was available to your code when the user requested the form that is not available when the user submits it back? There shouldn't be anything, which should lead you to the conclusion that that field can just as easily be generated on submit, without it needing to appear in the form at all.
2👍
You cannot rely on JavaScript or anything on the client side for security. Just ensure that your server is secure.
For example, you can just telnet to the port and send the appropriate data to the server. This will thwart any checks via JavaScript (or any other technology) on the client side.
Just use JavaScript to make the user's experience on the client more enjoyable and more responsive. Do not use it for security.
1👍
Your server code must be the final authority; it simply cannot rely on the quality of validation that the client has done. View all clients, be they HTML or otherwise, as prone to the effects of both devious users and fallible coders.
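The points made in the answers above (regenerate the read-only value on submit, and treat the server as the final authority) can be sketched as follows. This is an added example, not code from any of the answers; the order form, `CATALOG`, `EDITABLE_FIELDS` and `process_order` are hypothetical names, and the data is constructed.

```python
from decimal import Decimal

# Constructed server-side data: the source the read-only field was rendered from.
CATALOG = {"sku-100": Decimal("19.99"), "sku-200": Decimal("249.00")}

# Fields the server accepts from the client; everything else is dropped.
EDITABLE_FIELDS = {"sku", "quantity"}


class ValidationError(ValueError):
    pass


def process_order(submitted: dict) -> dict:
    """Build an order from a form submission without trusting read-only fields."""
    # Drop anything the user was never supposed to edit (e.g. unit_price, total).
    data = {k: v for k, v in submitted.items() if k in EDITABLE_FIELDS}

    sku = data.get("sku")
    if sku not in CATALOG:
        raise ValidationError("unknown sku")

    # Validate editable input on the server even if client-side JS already did.
    try:
        quantity = int(data.get("quantity", ""))
    except (TypeError, ValueError):
        raise ValidationError("quantity must be an integer")
    if not 1 <= quantity <= 100:
        raise ValidationError("quantity out of range")

    # Regenerate the value that was shown read-only, from server-side data.
    unit_price = CATALOG[sku]
    return {"sku": sku, "quantity": quantity,
            "unit_price": unit_price, "total": unit_price * quantity}


if __name__ == "__main__":
    # Constructed submission: the read-only fields were edited before sending.
    tampered = {"sku": "sku-200", "quantity": "2",
                "unit_price": "0.01", "total": "0.02"}
    print(process_order(tampered))
```

The submitted `unit_price` and `total` never reach the order: they are discarded and recomputed, so editing them in the browser or in a hand-built request has no effect.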
1👍
- Never believe the data sent by a user (cookies, session, parameters in HTTP request, …). All data sent by users can be modified.
- Yes, of course.
- It is still to be done.