I need know about pros and cons of render html page in client-side (JavaScript) or server-side (PHP, C#, Java, Python, Cold Fusion, others).
What about security, performance, good practices?
Thanks in advance!
Try this..
Server-side HTML rendering:
Fastest browser rendering
Page caching is possible as a quick-and-dirty performance boost
For "standard" apps, many UI features are pre-built
Sometimes considered more stable because components are usually subject to compile-time validation
Leans on backend expertise
Sometimes faster to develop*
*When UI requirements fit the framework well.
Client-side HTML rendering:
Lower bandwidth usage
Slower initial page render. May not even be noticeable in modern desktop browsers. If you need to support IE6-7, or many mobile browsers (mobile webkit is not bad) you may encounter bottlenecks.
Building API-first means the client can just as easily be an proprietary app, thin client, another web service, etc.
Leans on JS expertise
Sometimes faster to develop**
**When the UI is largely custom, with more interesting interactions. Also, I find coding in the browser with interpreted code noticeably speedier than waiting for compiles and server restarts.
Security:
Any data manipulation that you want to secure needs to be done on the server. Any data that is processed on the client side is absolutely open for manipulation. For example, if you have a javascript function that processes some information that then gets posted back into the system--it would be very easy to manipulate the result just before it is posted back even if you have exemplary back-end security
Server-side validation treats all incoming data as untrusted, it’s the gateway into the rest of the system. Client-side validation helps make the experience smooth for an end user and attempt to reduce some load from the server. With both in place, you hit the whole punch-list of options above.
If you have to sacrifice one, however, client-side validation should be the one to go. Client-side offers a better user experience and slightly less server load, but it’s at the expense of all of the security concerns that server-side validation addresses. looked at another way, Server-side validation prevents the type of issues that could put you out of business, client-side validation improves the experience.
Client-Side
Yes – It prevents bad values for users with good intent
Yes – It helps the good intent user correct their value without the overhead of a server round-trip
No – It prevents bad values when a script fails to load (like jQuery)
No – It prevents bad values as a result of malicious editing of the web form (developer tools)
No – It prevents bad values submitted directly to the endpoint (ex: Cross-Site Request Forgery)
No – It prevents bad values when accessed in frames
No – It prevents bad values when data is altered via a Man-in-the-middle attack
Server-Side
how does this stack up against the client-side method?
Yes – It prevents bad values for users with good intent
No – It helps the good intent user correct their value without the overhead of a server round-trip
Yes – It prevents bad values when a script fails to load (like jQuery)
Yes – It prevents bad values as a result of malicious editing of the web form (developer tools)
Yes – It prevents bad values submitted directly to the endpoint (ex: Cross-Site Request Forgery)
Yes – It prevents bad values when accessed in frames
Yes – It prevents bad values when data is altered via a Man-in-the-middle attack
Refer: