Pregunta
I am thinking to use the Input Type tags in my web application like
https://stackoverflow.com/questions/15586416
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<input type="email">
<input type="number" required="required">
I'm just curious how safe is to use them , Is there any options so the user will disable them from browser.
Solución 4
HTML5 is as safe as HTML4 for Input Methods, Your elements should be controlled by JavaScript or PHP and have them validate the data that the user is imputing.
If your concerned about compatibility with the new HTML5 tags then you should use HTML5Shiv which contains best of both worlds.
Otros consejos
They are not safe.
You can never count on them being executed.
You can't skip server-side input-checking.
An HTML form is merely an interface for users to enter data. What your server receives is an HTTP request, which the browser builds with the data entered into the form. But anyone can send any sort of HTTP request to your server at any time, entirely independent of any HTML form or website.
Nothing client-side is "safe".
They are safe to use but please avoid the use of REGULAR EXPRESSION.
Some browsers don't support the tags. For example Safari does not support <input type="email">. Instead it will treat it as type="text" and it will accept abc@xyz even though it is a invalid email address. Refer to this Stack Overflow question for further information.
HTML5 is as safe as HTML4 for Input Methods, Your elements should be controlled by JavaScript or PHP.
Server-Side validation is best way to keep them secure.
They are safe to use. The user can't disable them and if the browser does not support them they will behave like a regular input type=text element
If a browser doesn't understand a type, it will be treated as text. It's impossible to say if users will be able to disable them because there could be an obscure browser somewhere used by someone that people here may not know about. Code defensively (be prepared if it's disabled), but use the features that are out there.
Any older browser that does not know those new input tags will treat them at least as text inputs thus making a server-side check indispensable.
Edit: If that was not clear with my original answer, but I did not meant that only new tags should be checked server-side. I just wanted to make clear that you can not trust the input being valid just because you have corresponding inputs on the front-end.
