Feedback - Server Side validation is required for the Subscribe form. #3099

Open
utsavtilava opened this issue Feb 18, 2025 · 2 comments
Labels
Awaiting Triage Issues awaiting triage. See Training Team handbook for how to triage issues.

Comments

@utsavtilava

Type of feedback

// dev

Description

Server-side validation occurs on the server after the data has been submitted.

Currently, if a user removes a required parameter using the browser's inspect tool, no validation is triggered when the popup opens for the first time. However, if the user removes the required parameter again, an error is generated in the console, preventing the process from proceeding.

Step-by-step reproduction instructions (optional)

  1. Go to Learn WordPress
  2. Scroll down to the Sign up for updates section, open the browser's inspect tool, and remove the required parameter.
  3. Click on the Subscribe button.
  4. Now, a popup for Learn WordPress will open.
  5. Again, open the inspect tool and remove the required parameter from the popup form.
  6. Again, click on the Subscribe button.
  7. Now, you will see that there is no error displayed for the required email field. However, the console shows the following error: Uncaught SyntaxError: "[object Object]" is not valid JSON

Screenshots or screen recording (optional)

Learn.WordPress.-.There.s.always.more.to.learn._.Learn.WordPress.mp4

Suggested Fix

Make sure to check all form fields on the server, especially the ones marked as required. This will help avoid errors and protect the form from security issues like SQL injection and cross-site scripting (XSS).
Validating the input on the server is important because even if someone tries to change the form data using tools like inspect element, the data will still be checked and secured before being processed.

If you have any questions or concerns, just let me know.

Thank you.

@utsavtilava added the Awaiting Triage label Feb 18, 2025
@benazeer-ben

Feedback Validation Checklist:

  • If this is reporting an issue, can you confirm/reproduce the issue? Yes
  • What should happen next to apply the feedback?: Server side validation should be implemented.

@utsavtilava
Author

Hello @benazeer-ben

If this is reporting an issue, can you confirm/reproduce the issue? Yes

Comment:
Yes, I can confirm that the issue is reproducible. I have tested the form multiple times, and the problem persists under various conditions. Specifically, the issue occurs when briefly describe the specific conditions or steps to reproduce the issue, e.g., when submitting the form without filling in required fields.

What should happen next to apply the feedback?: Server side validation should be implemented.

Comment:
I recommend implementing server-side validation for all form fields, especially those marked as required. This will ensure that any data submitted is properly validated before processing, which will help prevent errors and protect against security vulnerabilities such as SQL injection and cross-site scripting (XSS). Additionally, server-side validation will provide a more robust user experience by ensuring that users receive appropriate feedback when they submit invalid data.
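
The server-side check recommended in this thread, sketched as an added example in plain PHP; it is not code from the Learn WordPress repository or from either participant. The field name `email`, the response shape and the sample submissions are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: the field name 'email' and the response shape are assumptions.
function validate_subscribe_request(array $post): array
{
    $errors = [];
    $raw = $post['email'] ?? null;

    // Missing key, or a non-string such as email[]=x arriving as an array.
    if (!is_string($raw)) {
        $errors['email'] = 'Email address is required.';
        return ['ok' => false, 'errors' => $errors];
    }

    $email = trim($raw);
    if ($email === '') {
        // The browser's `required` attribute was removed or never enforced.
        $errors['email'] = 'Email address is required.';
    } elseif (strlen($email) > 254) {
        $errors['email'] = 'Email address is too long.';
    } elseif (preg_match('/[\r\n\0]/', $email) === 1) {
        // Reject control characters before the value reaches mail headers or logs.
        $errors['email'] = 'Email address contains invalid characters.';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid email address.';
    }

    return $errors === []
        ? ['ok' => true, 'email' => $email]
        : ['ok' => false, 'errors' => $errors];
}

// Constructed sample submissions, including the case from the reproduction
// steps where the field is sent empty after `required` was stripped.
$samples = [
    'field removed'   => [],
    'empty value'     => ['email' => '   '],
    'array parameter' => ['email' => ['a@example.org']],
    'malformed'       => ['email' => 'not-an-address'],
    'valid'           => ['email' => 'reader@example.org'],
];

foreach ($samples as $label => $post) {
    $result = validate_subscribe_request($post);
    // A real endpoint would answer 422 on failure and always send a JSON string body.
    printf("%-16s %d %s\n", $label, $result['ok'] ? 200 : 422, json_encode($result));
}
```

Validation of this kind rejects malformed input; protection against SQL injection and XSS still depends on parameterized queries and output escaping wherever the stored value is later used.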
