Joe

Reputation: 8272

Inspect Element can change anything, and it's OK?

I found it handy to style my webpages with Google Chrome by changing CSS values via 'Inspect Element'.

A lot of you may already know this, but I just recently found out that I can also edit the entire HTML, e.g. change div tags to a tags, add inline JavaScript, change form values, etc.

I made a simple test:

<?php
if(isset($_POST['select'])) echo $_POST['select'];
?>

<form enctype="application/x-www-form-urlencoded" action="selecttest.php" method="post">
<select name="select">
<option value="100">100</option>
</select>
<input type="submit" value="submit">
</form>

When I click submit it echoes 100. I changed the value to something via Google Chrome's Inspect Element, clicked submit, and it echoes something. I tried putting <a href="http://www.google.com">100</a> as the value. When I clicked submit, it echoed a hyperlink, 100.

Isn't this feature dangerous? I can't imagine anything extremely dangerous right now because I'm still new to programming, but I'm just thinking what real black hat hackers with years of experience can do with that much freedom. Right now I'm just thinking 'Just filter out ALL user input and you're safe'.

So my question is, is there any real actual threat from this feature even if you filter out ALL user input?

Upvotes: 1

Views: 14028

Answers (1)

neu242

Reputation: 16575

You shouldn't worry too much over DevTools, since any change there is local to the user's browser. You should instead worry about any incoming network data, such as the contents of a GET or POST request.

As a programmer you should always validate the input you get from a browser, making sure it's within your expected range of values.

Upvotes: 5
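
The server-side check the answer describes, applied to the question's `selecttest.php`, as an added example that is not part of either post. The constant `ALLOWED_SELECT_VALUES` and the functions `validated_select()` and `render()` are hypothetical names, and the sample requests are constructed so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// The values the form is allowed to submit. The server owns this list,
// not the <option> elements the browser happens to render.
const ALLOWED_SELECT_VALUES = ['100'];

/**
 * Return the submitted value if it is one of the allowed options, else null.
 * $post stands in for $_POST so the function can be exercised offline.
 */
function validated_select(array $post): ?string
{
    $value = $post['select'] ?? null;
    // A field sent as select[]=x arrives as an array; reject non-strings.
    if (!is_string($value)) {
        return null;
    }
    // Strict comparison avoids type juggling such as "100" matching "1e2".
    return in_array($value, ALLOWED_SELECT_VALUES, true) ? $value : null;
}

/** Build the response body; anything written into HTML is encoded. */
function render(array $post): string
{
    $value = validated_select($post);
    if ($value === null) {
        return 'Invalid selection';
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests, including the edited value from the question.
$samples = [
    ['select' => '100'],
    ['select' => '<a href="http://www.google.com">100</a>'],
    ['select' => ['100']],
    [],
];
foreach ($samples as $post) {
    echo json_encode($post), ' => ', render($post), PHP_EOL;
}
```

In the page itself the sample loop would be replaced by `echo render($_POST);`. Only the first sample is echoed back; the other three produce `Invalid selection`.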
