Answer:
You can not do anything about HTML, against someone who opens firebug and leaves modifying things.
Explanation:
You can only have security if you validate on the Server, since any method you use with javascript or html the same method o "face with firebug" can also do. That is, there is no way, you have to validate on the Server, then you will have security.
However, you should do the validation in the client (with javascript) and also in the Server, it is always safer in this way.
Tip: you can use "trickery" to make it difficult on the client side, for example:
Let's say that every field has a certain "attribute required for submission" that would be something invented by you. Here you would validate each field with its respective "required attribute for submission" for example:
<input type=text data-required="HFG2#4DF@">
This would be a valid field for having such data-required
, then we would have a field disabled:
<input type=text disabled>
Even if the firebug user goes to it and removes the disabled attribute, it will not work because, you check if all fields have this date-required using:
if ($(seuInput).attr('data-required') == "HFG2#4DF@")
//submete o formulário
else
//não submete o formulário.
Then it would be impossible to send that field if you did not put the invented attribute.
Note: this HFG2#4DF@
is just an example that you can make someone's life difficult by having him browse and understand your javascript codes in order to submit this field.
There are also several ways to do these things, for example you can put a different ID for each field and use a different data-required
for each one that could be the ID MD5 Code of each, or a Base64 of the ID of each.
Of course, this will affect the performance a little and is only used if you really want to make it difficult to submit the form at this point, it is not recommended to do this, it is only optional.