For anyone who receives from Google:
As far as I know, JavaScript is the only way to make them a delimited string, because it gets complicated if you want a general solution that can deal with all the possible delimiters you want and support escaping the delimiter if it appears in one of the value strings.
If at all possible, I strongly recommend just accepting the format my_match=190&my_match=200 and converting them to the server.
In PHP, this is automatic if you put [] at the end of a name. Other languages ββlike Python will usually have a special getter that returns a list, not a single value. (For example, request.POST.getlist('my_match') in Django)
Based on JavaScript, your page becomes more fragile because a debugging connection, network icon, or a broken firewall at the application level can prevent JavaScript from loading or delay it long enough for the user to try to submit without it.
(And if you turn off the submit button until JavaScript is loaded, you just annoy and / or upset your visitors and give the impression that your site is designed so that everyone else does this fine. Always remember how your actions affect the first impression you make.)
... not to mention that depending on JavaScript, when you donβt need strictly (for example, drop-down menus without backup :hover , forms that frivolously require sending JavaScript, etc.), annoying people like I who use JavaScript for whitelisting, such as NoScript for:
- Make a web ad and do a survey! interstitial less annoying
- Reduce the slowness of opening tabs and extensions.
- Limit the success rate of a 0-day exploit
If you absolutely must use JavaScript in this situation, be sure to use the <noscript> tag to warn people are reloading with JavaScript enabled before filling out the form.