Javascript Form Validation On Client Side Without Server Side - Is It Safe?

Supose I have some form with javascript client side validation and no server side validation. If user disable javascript in his browser there will no be submit button so he can not

Solution 1:

No. it is not safe. Use server side validation.

For example, even without the browser, I can read your source code. Then simply use CURL to send a post request with malicious data.

Never, ever trust the client.

Solution 2:

No, it's not safe. For example, I could just open up the JavaScript debugger in my browser and override your validation.

Solution 3:

Anyone who is capable of disabling javascript on their own is probably also capable of making arbitrary POST requests on their own as well. Ok I might be exaggerating but it's still not safe as someone can do the POST requests without using browser, let alone your form, at all.

Solution 4:

I would suggest use both client side and server side validation.

Benifit of client side validation is it's fast, we never hit server until user enter correct input. This saves time and avoid user flustration. This is really helpful in large forms. However demerit is a bad guy can override the client side validation, Hence to avoid such case we should validate in serverside also before processing data.