Validating input
Overview – Validating input
To help users avoid mistakes, HTML5 defines a range of built-in functionality for validating common types of input, such as email addresses and dates. Some scripting may be necessary for validation when using custom controls or supporting legacy browsers. In these situations, the user notifications should be accessible, as described in the section User notifications.
To ensure security, data needs to be validated both on the client-side and on the server-side as well.
Most user data can be validated using validation attributes on HTML5 form controls. The following are common validation attributes:
required
attribute- Specifies whether a form field needs to be filled in before the form can be submitted. See Validating required input.
type
attribute- Specifies the type of data. See Validating common input types.
pattern
attribute- Specifies a regular expression that defines a pattern the entered data needs to follow. See Validating pattern input.
minlength
andmaxlength
attributes- Specifies the minimum and maximum length of textual data. See Validating length of entries.
min
andmax
attributes- Specifies the minimum and maximum values of numerical input types. See Validating length of entries.
If the rules specified by the validation attributes are not followed, then the element becomes invalid and the browser blocks the form and displays an error message.
Validating required input
Identify required form fields both visually in the label and semantically:
- To identify required fields visually in the label, add an asterisk (*) to the label and define the asterisk above the form; or, add the word "required" in parentheses.
- To identify required fields semantically, add the
required
attribute to the control.
The required
attribute triggers client-side validation in the browser. Current web browsers support the attribute and notify the user of missing required input using a standard web browser dialog. These dialogs respect user settings and preferences in the browser and operating system, such as default font-size, colors, and language.
The presence of the required
attribute enables use of the :required
pseudoclass for CSS styling. If the required <input>
has no value, it enables use of the :invalid
pseudoclass. See the following Good example.
Good example: Browser validation of required input
In this example, the browser will not allow the form to be submitted until text is entered in the required input field. The :required
pseudoclass applies a background pink. The :invalid
pseudoclass applies a dashed border when the <input>
does not have focus.
Example begins
Example ends
HTML
Code begins
<form method="post" action="script-here">
<label for="org">Organization (required)</label>
<input type="text" id="org" required>
<input type="submit" value="Submit">
</form>
Code ends
CSS
Code begins
input:invalid { border: 2px dashed red; }
input:required { background-color: pink; }
Code ends
Validating common input types
HTML5 introduces new <input>
types for data, including email
, url
, number
, tel
(telephone), date
and range
, amongst others. Modern web browsers provide built-in client-side error validation for these new input types. For instance, a malformed URL triggers the browser to display a dialog with the message “Please enter a URL.”
To help users input data more easily, HTML5 provides controls for some of the new input types, such as a date picker and spin buttons for incrementing or decrementing numbers. For instance, in the example below, modern browsers display the “Number” input field with buttons to increase or decrease the number and display the “Range” input field as a slider control.
Legacy web browsers that don’t support the new input types display a simple text
field.
Input types already in use when HTML5 was introduced
- text
- Defines a one-line text input field
- password
- Defines a one-line password input field
- submit
- Defines a submit button to submit the form to server
- reset
- Defines a reset button to reset all values in the form.
- radio
- Defines a radio button which allows select one option.
- checkbox
- Defines checkboxes which allow select multiple options forms.
- button
- Defines a simple push button, which can be programmed to perform a task on an event.
- file
- Defines a file retrieval field.
- image
- Defines a graphical submit button.
Input types introduced with HTML5
- color
- Defines an input field with a specific color.
- date
- Defines an input field for selection of date.
- datetime-local
- Defines an input field for entering a date without time zone.
- Defines an input field for entering an email address.
- month
- Defines a control with month and year, without time zone.
- number
- Defines an input field to enter a number.
- range
- Defines a numeric value which must be no less than a given value, and no more than another given value.
- url
- Defines a field for entering URL.
- week
- Defines a field to enter the date with week-year, without time zone.
- search
- Defines a single line text field for entering a search string.
- tel
- Defines an input field for entering the telephone number.
Good example: HTML5 input types
Example begins
Example ends
View HTML
Code begins
<form class="form-horizontal" role="form" method="get" action="#">
<div class="form-group">
<label for="email" class="col-sm-2 control-label">Email</label>
<div class="col-sm-10">
<input type="email" name="email" class="form-control" id="email">
</div>
</div>
<div class="form-group">
<label for="url" class="col-sm-2 control-label">URL</label>
<div class="col-sm-10">
<input type="url" name="url" class="form-control" id="url">
</div>
</div>
<div class="form-group">
<label for="number" class="col-sm-2 control-label">Number</label>
<div class="col-sm-10">
<input type="number" name="number" class="form-control" id="number" min="0" max="100" step="10" value="0">
</div>
</div>
<div class="form-group">
<label for="range" class="col-sm-2 control-label">Range</label>
<div class="col-sm-10">
<input type="range" name="range" class="form-control" id="range" min="0" max="100" step="10" value="0">
</div>
</div>
<div class="form-group">
<label for="date" class="col-sm-2 control-label">Date</label>
<div class="col-sm-10">
<input type="date" name="date" class="form-control" id="date">
</div>
</div>
<div class="form-group">
<label for="time" class="col-sm-2 control-label">Time</label>
<div class="col-sm-10">
<input type="time" name="time" class="form-control" id="time">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">Continue</button>
</div>
</div>
</form>
Code ends
Validating patterned input
The pattern
attribute provides another useful validation feature. It takes a regular expression (regex) as its value, which is used to match character combinations in text input. Regex is ideal for form validation, matching specific types of data patterns such as telephone numbers, postal codes, and serial numbers.
In this example, the pattern
attribute of the <input>
element uses regex to define a particular format that matches characters on an Ontario car license plate (issued since 1997). The pattern consists of four letters, followed by a space, followed by three numbers. The pattern won’t capture custom license plate values.
Good example: Using the pattern attribute to match a car license plate
Example begins
Example ends
HTML
Code begins
<div>
<label for="license">Ontario License Plate (XXXX 999)</label>
<input type="text" id="license" class="form-control" pattern="^[A-Z]{4}( )[0-9]{3}$">
</div>
Code ends
Validating the length of entries
The character length of all text fields created by <input>
or <textarea>
can be constrained using the minlength
and maxlength
attributes. A field is invalid if the value has fewer characters than minlength
or more characters than maxlength
.
For number fields, the min
and max
attributes can be used to provide a range of valid values.
Good example: Validating the length of entries
Example begins
Example ends
View HTML
Code begins
<form class="form-horizontal" role="form" method="get" action="#">
<div class="form-group">
<label for="choose" class="col-sm-2 control-label">Carrot or Orange? </label>
<div class="col-sm-10">
<input type="text" name="choose" class="form-control" id="choose" minlength="6" maxlength="6">
</div>
</div>
<div class="form-group">
<label for="range1" class="col-sm-2 control-label">How many? </label>
<div class="col-sm-10">
<input type="number" class="form-control" name="range1" id="range1" min="1" max="10">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">Submit</button>
</div>
</div>
</form>
Code ends
Accommodating different input formats
When designing validation for the different data types, be as accommodating as possible of different input formats. Keep internationalization and customization in mind. Be permissive about the input format. For example, postal codes and telephone numbers in different countries follow different patterns. License plates can be personalized. Your form will be easier to use if it can interpret multiple notations.
Client-side validation benefits
Client-side validation improves the user experience. By catching invalid data on the client-side, the user can fix it right away, rather than waiting for a round trip to the server and back for error notification. The immediacy makes validation errors more understandable. Client-side validation can also reduce network and server load. However, client-side validation is easy to bypass, so malicious users can easily send bad data through to your server. For that reason, you should always validate on the server-side as well.
Validation by the user
Enabling your users to check and correct their input also reduces errors. Offer this feature whenever possible, but especially when actions are permanent, legal, financial or otherwise critical, or when the user’s data can’t be automatically checked.
Require user confirmation
Where possible, require user confirmation for irreversible actions, such as permanent deletion of data.
For example:
- A webmail application with an irreversible submit action for sending dozens of emails prompts the user for confirmation. The confirmation is implemented as a Modal window (see Module 12), which requires the user acknowledge it before continuing.
- Before an online shopping order is placed, the user reviews and confirms a summary of the products ordered and the shipping and billing addresses.
Provide undo functionality
Where possible, ensure submissions are reversible.
There are several UI controls that typically allow people to go back to the previous state of the system. For example:
- An Undo option will allow users to revert changes to a UI element.
- A “trash” folder that restores deleted files.
- Using a Back link returns users to a previous page or screen.
- A Cancel button will allow the user to quit a task or multi-step process.
- A Close button will allow users to close a new or an existing view.
The examples of forms validations are from the Web Accessibility Initiative (WAI) document: Validating Input (WAI) from the Forms tutorial of the Web Accessibility Tutorials. Eric Eggert and Shadi Abou-Zahra, Copyright © 2019 W3C ® (MIT , ERCIM, Keio , Beihang) Usage policies apply. Updated 27 July 2019 (first published September 2014).
Related WCAG resources
Related WCAG resources
Success criteria
Techniques
- G83: Providing text descriptions to identify required fields that were not completed
- G85: Providing a text description when user input falls outside the required format or values
- G98: Providing the ability for the user to review and correct answers before submitting
- G99: Providing the ability to recover deleted information
- G155: Providing a checkbox in addition to a submit button
- G164: Providing a stated time within which an online request (or transaction) may be amended or canceled by the user after making the request
- G168: Requesting confirmation to continue with selected action
- SCR18: Providing client-side validation and alert