Server-side validation bypass in multi-step form when record is not saved
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 hours ago
Hi everyone,
I came across an interesting validation behavior while working on a multi-step form in ServiceNow and wanted to get some insights from the community.
I have a wizard-style flow where users move through different sections using a Next button. In one step, there is a checkbox that controls whether a related field in the next step should be mandatory.
The validation for this dependency is currently handled on the server side. However, I noticed a gap in behavior. If a user selects the checkbox and immediately clicks Next without saving, the system still reads the previous value from the database. Because of this, the validation does not trigger as expected and the user is allowed to proceed.
From what I understand, this happens because server-side logic evaluates only the persisted data, not the latest changes made on the form.
I’m exploring the best way to handle this and would appreciate your suggestions:
In such cases, is it better to move the validation entirely to the client side?
What are the recommended approaches to ensure validations always consider the latest user input in multi-step forms?
Are there any best practices to keep client-side and server-side validations in sync?
Looking forward to hearing your thoughts and learning from your experiences.
If anyone is open to connecting and discussing further, feel free to reach out to me on LinkedIn as well.
https://www.linkedin.com/in/sharmaankith/
Thanks in advance!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
an hour ago
1. In such cases, is it better to move the validation entirely to the client side?
No. Client-side validation improves user experience by offering immediate feedback, but server-side validation remains critical for ensuring data accuracy and security.
- Client-side: Ideal for guiding users through steps with quick, soft checks that don’t require saving to the database.
- Server-side: Acts as the final safeguard to ensure only valid data is stored permanently.
2. What are the recommended approaches to ensure validations always consider the latest user input in multi-step forms?
To validate the most recent (unsaved) user inputs, consider these ServiceNow-focused approaches:
- UI Policies for field dependencies: Dynamically mark fields as mandatory based on user input (like a checkbox) directly in the browser, without server interaction.
- onChange Client Scripts: Trigger logic when a field changes. e.g use g_form.setMandatory('<field_name>', true)to instantly enforce requirements for the next step.
3. Are there any best practices to keep client-side and server-side validations in sync?
- GlideAjax for advanced validation: When checks require server logic , call a Script Include via GlideAjax from the client side to validate current form data without saving it.
- Centralized validation logic: Store core validation rules in a Script Include so they can be reused across Client Scripts and Business Rules.
- Data Policies: Use these to enforce mandatory fields universally—whether data is submitted through the UI or APIs—ensuring consistency across client and server layers.
