I have a form and it has been working for years.
But somehow a user can submit it with a field that required >= 3 letters. I did test on multiple browsers and the validation seems to work as expected.
I do not know how this user can get through with only 2 letters
@nikom User disabled client-side validation in their browser
If validation is disabled, Webflow’s built-in checks will not run.
Server-side validation is the the only reliable protection.
This is a good indicator of spam. All those validations do is tell the browser what rules you wish to apply to your fields. Spammers generally submit spam through automated systems, rather than manually through the browser, so those validations aren’t applied.
Webflow’s forms only support client-side validation (HTML5-level checks).
If your workflow requires real validation or rules enforcement, that must happen on the server — either through a custom form handler, serverless function, or a third-party service that performs server-side logic.
I build this out regularly for clients when validations need to be enforced securely.
