HTML novalidate Attribute

Beginner
⏱️ 6 min read
📚 Updated: Jun 2026
🎯 3 Examples
Forms & Input

Introduction

The novalidate attribute is a boolean HTML attribute on <form> that disables the browser’s built-in constraint validation on submit. Normally, empty required fields, invalid type="email" values, and other HTML5 rules block submission and show validation messages. With novalidate, the form submits without those browser checks—useful when you implement custom JavaScript validation or rely on server-side validation. It does not remove validation attributes from fields; it only stops the browser from enforcing them at submit time.

What You’ll Learn

01

Boolean attr

On form only.

02

Skip browser

No auto block.

03

Custom JS

Your own rules.

04

Server still

Always validate.

05

vs formnovalidate

Per button.

06

.novalidate JS

true / false.

Purpose of novalidate Attribute

The primary purpose of novalidate is to turn off native form validation so you control when and how errors appear. Design systems often need consistent custom error UI instead of browser tooltips. Multi-step wizards may validate each step with JavaScript rather than HTML5 on the whole form. Some apps send raw input to the server and display errors from an API response.

The old reference described it as enabling “faster submissions”—that misses the point. Skipping validation does not make legitimate submits faster; it means invalid data can reach your handler unless you validate elsewhere. Always validate on the server regardless of novalidate.

⚠️
Not a security feature

novalidate is easy for users to bypass in DevTools. Treat it as a UX switch for browser validation, not as server-side protection.

📝 Syntax

Add the boolean novalidate attribute to a <form>:

novalidate.html
<form action="/signup" method="post" novalidate>

  <label for="username">Username:</label>

  <input type="text" id="username" name="username" required>



  <label for="email">Email:</label>

  <input type="email" id="email" name="email" required>



  <button type="submit">Sign up</button>

</form>

Syntax Rules

  • Boolean attribute—write novalidate alone; presence disables browser validation.
  • Valid only on <form>, not on individual inputs.
  • Fields keep required, pattern, etc.—you can still call input.checkValidity() in JavaScript.
  • JavaScript IDL property: formElement.novalidate = true (boolean).
  • For one submit button that skips validation, use formnovalidate on that button instead.
  • Pair with custom validation or server checks—never leave data unvalidated.

💎 Values

The novalidate attribute is boolean—not a string value like the old reference suggested:

  • novalidate — Attribute present; browser validation disabled on submit.
  • novalidate="" — Also valid in HTML5; same as bare novalidate.
  • Attribute absent — Default; browser runs constraint validation on submit.
  • JavaScript: form.novalidate = true disables; false re-enables browser validation.
novalidate-js.html
const form = document.getElementById("myForm");

form.novalidate = true;   // skip browser validation

form.novalidate = false;  // restore browser validation

⚡ Quick Reference

Use caseMarkupNotes
Disable all browser validation<form novalidate>Every submit
Default validationOmit novalidateBrowser blocks invalid submit
One button skips validation<button formnovalidate>Not on form
Toggle via JSform.novalidate = trueBoolean property
Manual check in JSinput.checkValidity()Still works with novalidate
Server safetyValidate in backendAlways required

Applicable Elements

ElementSupported?Notes
<form>YesOnly valid element
<input>, <button>NoUse formnovalidate on submit buttons
<fieldset>NoValidation scoped via parent form

novalidate vs formnovalidate

AttributeOnEffect
novalidate<form>Skips browser validation for every submit
formnovalidateSubmit <button>Skips validation only when that button is used

Example: a form with “Save draft” (formnovalidate) and “Publish” (validated) buttons on the same form.

Examples Gallery

Submit with required fields bypassed, toggle form.novalidate, and custom JavaScript validation.

👀 Live Preview

Try submitting this required field empty—novalidate lets it through:

Leave empty and submit — no browser popup because the form has novalidate.

Example — Form with novalidate

Required fields that browser validation will not block:

form-novalidate.html
<form action="/submit" method="post" novalidate>

  <label for="username">Username:</label>

  <input type="text" id="username" name="username" required>



  <label for="email">Email:</label>

  <input type="email" id="email" name="email" required>



  <button type="submit">Submit</button>

</form>
Try It Yourself

How It Works

Without novalidate, the browser calls reportValidity() before submit. With novalidate, that step is skipped and the submit event proceeds.

Dynamic Values with JavaScript

Toggle browser validation with form.novalidate:

dynamic-novalidate.html
<form id="dynamicForm">

  <input type="email" required>

  <button type="submit">Submit</button>

</form>



<script>

  const form = document.getElementById("dynamicForm");

  form.novalidate = true;  // disable browser validation

  form.novalidate = false; // re-enable

</script>
Try It Yourself

How It Works

form.novalidate mirrors the boolean attribute. Modern browsers support toggling it at runtime for dynamic UX (e.g. “edit mode” vs “preview”).

Example — Custom JavaScript Validation

Combine novalidate with your own checks:

custom-validation.html
<form id="signup" novalidate>

  <input type="email" id="email" required>

  <button type="submit">Sign up</button>

</form>



<script>

  document.getElementById("signup").addEventListener("submit", function (e) {

    const email = document.getElementById("email");

    if (!email.checkValidity()) {

      e.preventDefault();

      showCustomError(email.validationMessage);

    }

  });

</script>
Try It Yourself

How It Works

novalidate disables automatic blocking on submit. Your script decides whether to call preventDefault() after running custom or API-driven validation logic.

♿ Accessibility

  • Announce errors — Custom validation must expose errors to screen readers with aria-invalid, aria-describedby, and visible text.
  • Do not rely on browser tooltips alone — Native validation bubbles may not meet your design or a11y requirements—replace them thoughtfully.
  • Focus invalid fields — Move focus to the first error so keyboard users discover problems.
  • Keep labelsnovalidate does not remove the need for <label> elements.
  • Match native semantics — Use appropriate type, required, and ARIA so assistive tech understands field purpose even when browser validation is off.

🧠 How novalidate Works

1

User submits form

Click submit or press Enter.

Submit
2

Browser checks novalidate

If present, skip constraint validation.

Flag
3

Submit proceeds

Or your JS validates first.

Handler
=

Custom control

You own validation UX.

Browser Support

The novalidate attribute is supported in all modern browsers on <form> elements. The form.novalidate JavaScript property is also widely supported. HTML5 constraint validation itself is available in Chrome, Firefox, Safari, and Edge.

HTML5 · Fully supported

Broad novalidate compatibility

All major browsers support the novalidate attribute in production use.

98% Browser support
Google Chrome Fully supported
Full support
Mozilla Firefox Fully supported
Full support
Apple Safari Fully supported
Full support
Microsoft Edge Fully supported
Full support
Internet Explorer IE 9+ supported
Full support
Opera Fully supported
Full support
novalidate attribute 98% supported

Bottom line: Use novalidate confidently in modern browsers; always add server-side validation.

💡 Best Practices

✅ Do

  • Validate on the server always — Client checks are for UX; never trust them alone.
  • Prefer native validation when possible — Only use novalidate when you need custom UI or logic.
  • Use formnovalidate for drafts — Skip validation on “Save draft” while keeping it on “Publish”.
  • Reuse constraint APIs — Call checkValidity() in JavaScript instead of duplicating every rule.
  • Show clear errors — Replace browser bubbles with accessible custom messages.

❌ Don’t

  • Do not use for “speed” — Disabling validation is not a performance optimization.

Conclusion

The novalidate attribute disables browser constraint validation on a <form>, giving you room for custom JavaScript or server-driven validation flows.

Use it deliberately, pair it with accessible error handling, and never treat it as a substitute for server-side checks. For per-button control, reach for formnovalidate instead.

Key Takeaways

Knowledge Unlocked

Five truths every developer should know about novalidate

Bookmark these before your next novalidate implementation.

5
Core concepts
🚫 02

Skip browser

On submit.

Behavior
⚙️ 03

Custom JS

Your rules.

Pattern
🔒 04

Server validate

Always.

Security
🛠️ 05

vs formnovalidate

Per button.

Compare

❓ Frequently Asked Questions

It tells the browser not to run HTML5 constraint validation when the form is submitted. Invalid fields no longer block submission automatically.
The <form> element only. Use formnovalidate on individual submit buttons for partial bypass.
Yes. Write novalidate alone. It is not a string value like novalidate="novalidate" as the old reference incorrectly stated.
Always. novalidate only affects the browser. Attackers can submit any data directly to your server.
novalidate on the form disables validation for all submits. formnovalidate on one button skips validation only for that button.
form.novalidate = true disables browser validation; false re-enables it. Works reliably in modern browsers.

Control form validation with novalidate

Practice skipping browser checks, toggling form.novalidate, and custom validation in the Try It editor.

Try novalidate form →

About the author

Mari Selvan M P
Mari Selvan M P 🔗

Developer, cloud engineer, and technical writer

  • Experience 12 years building web and cloud systems
  • Focus Full Stack Development, AWS, and Developer Education

I write practical tutorials so students and working developers can learn by doing—from databases and APIs to deployment on AWS.

5 people found this page helpful