As I’ve noticed, this form plugin only does client-side HTML5 validation. Is there a way to do validation on the backend? Client-side is not secure, because users can modify it.
Where or how did you notice this?
Because inputs allow even <script> to be submitted without validation. If I make validate.required or validate.pattern, it adds client-side only validation.
Does the script run or does it get escaped? Have you been able to use this to run some JavaScript from form input?
You’ll have a much better chance of getting help if you describe a lot more about what you’ve found, with examples. No one wants to tease this out of you slowly, especially volunteers trying to help. I am sure this will be taken very seriously with reproducible evidence.