Good reasons not to use client-side validation anymore (in addition to server-side)?

Question

Looking at five or six login sections for various major 'web 2.0' sites, many of them seem to do all the validation server-side.

Can anyone provide any reasons for why none of these use client side validation aswell (i.e. javascript)? A prime example would be checking for empty text boxes when the user clicks 'login' and popping up an alert('Please enter your password and try again')).

I'm aware it is easily circumvented/disabled, so for security reasons is pointless.

Answer 1

'cause it's pain in the *ss to write JS validation code ? :D just leaving the room

Answer 2

Personally, I always try to use both, but I can think of two reasons not to use Client-side validation.

1. javascript not enabled on client
   side, therefore not possible... It's perfectly possible to trap whether js is enabled or not, and degrade nicely; but it is easier simply to
   code for the lowest-common
   client-side denominator simply assuming that client-side validation is not possible.
2. Client performance. It's faster to simply
   submit the form than it is to
   validate then submit the form. It
   lacks the immediacy of cs validation if there are any errors to report,
   but is faster if there are no errors.

Answer 3

There's no good reason not to use that kind of check. Saving your users time and frustration is a Good Thing^TM.

Better yet, instead of a popup, disable the Login button (from JavaScript, not in the HTML itself, to make it degrade gracefully). Enable it only if a username and password are filled in, and display a helpful message that explains why the button is disabled. This could be as simple as the grey text "Enter your password" in the Password box.