by nagyf 1136 days ago
Everything has to be validated on the server side simply for security reasons. Even if you do all validation on the client side, which prevents the users submitting a form with invalid data, an attacker can work around that, e.g. submitting the form with valid data, but intercepting the request and modifying the values there. Or simply just using curl with malicious/invalid data.

You still need the client side validation for UX. The regular users need to know if they messed up something in the form. Also it's a much better UX if it's done on the client side, without the need to send an async request for validations.


Yeah but that doesn't answer why you can't share validators between the backend and the frontend if both are written in the same language.
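An added example (not code from anyone in this thread) of the point made in the two comments above: one JavaScript validation function that the browser can run for UX, and that the server runs again on the raw request body, so a request crafted with curl or a modified in-flight form submission is still rejected. Field names, rules and the `takenUsernames` stand-in for the database lookup are assumptions.

```javascript
// Shared validation rules: the same function is meant to be loaded by the browser
// form handler and by the server. Field names and regexes are constructed for this example.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const USERNAME_RE = /^[a-z0-9_]{3,16}$/;

// Pure function: returns an object of field -> error message, empty when valid.
function validateSignup(fields) {
  const errors = {};
  const email = typeof fields.email === 'string' ? fields.email.trim() : '';
  const username = typeof fields.username === 'string' ? fields.username : '';
  if (!EMAIL_RE.test(email)) errors.email = 'Enter a valid email address';
  if (!USERNAME_RE.test(username)) errors.username = '3-16 lowercase letters, digits or _';
  return errors;
}

// Server side. The body is treated as untrusted bytes: whatever the browser already
// checked is irrelevant here, because the request may never have come from the browser.
// `takenUsernames` (assumed) stands in for the database lookup only the server can do.
function handleSignup(rawBody, takenUsernames = new Set()) {
  let fields;
  try {
    fields = JSON.parse(rawBody);
  } catch {
    return { status: 400, errors: { body: 'Malformed JSON' } };
  }
  // JSON.parse accepts scalars, arrays and null; the validator expects a plain object.
  if (fields === null || typeof fields !== 'object' || Array.isArray(fields)) {
    return { status: 400, errors: { body: 'Expected a JSON object' } };
  }
  // Same rules as the client ran, applied again to the data actually received.
  const errors = validateSignup(fields);
  // Uniqueness needs the round trip: check it only once the format is already valid.
  if (!errors.username && takenUsernames.has(fields.username)) {
    errors.username = 'Username already taken';
  }
  if (Object.keys(errors).length > 0) return { status: 422, errors };
  return {
    status: 201,
    errors: {},
    user: { email: fields.email.trim(), username: fields.username },
  };
}
```

In the browser the same `validateSignup` would run in the form's submit handler to show messages before the request is sent; nothing about the server path changes if that handler is skipped.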
Because HTML form validation is a built-in native feature of HTML, and it's integrated in the browser:

    <input type="email" required placeholder="Please enter your email address">
Constantly reinventing the wheel in every app is silly.
These validators are rather limited and you’ll end up needing JavaScript for any Web app with anything beyond the simplest requirements.
They're limited in some ways but they're just about powerful enough to do almost everything you'd need or want to do client-side without making a network request. In my opinion it doesn't make sense to try to fit in tons of complex validation logic in the frontend.
Why make a round trip if you don’t have to?
Some kinds of validation really do need the round trip. If somebody is choosing a user name on a sign up form you do need to do a database lookup.

If your back end is fast and your HTML is lean, backend requests to validate can complete in less time than any of the 300 javascript, CSS, tracker, font, and other requests that a fashionable modern webapp does for no good reason...

It's true though that many back ends are run on the cheap with slow programming languages and single-thread runtimes like node.js that compete with slow javascript build systems to make people think slow is the new normal.

Why be on the internet at all? Why not distribute a desktop app that doesn't need any connectivity at all?