I know this is a broad question, but I think I'm missing something here. Is it possible for an attacker to cause damage to a site by simple using inspect element and editing the javascript and html? For example, it seems too easy for someone to change the maxlength of an input, and upload so much data that it could crash the server, I know that it is always good practice to check data at the server but it still seems too easy. Or another more potentially dangerous example is if the attacker can mess with an $.ajax
call and send bad info to the server. Is it something I should be worrying more about or are the changes just temporary, on the attackers browser?
The changes are temporary on the individual user's browser.
However, the changes will allow that user to interact with your backend however they choose to do so. This is one way in which sites are attacked.
The standard rule is to never trust input coming from the user / browser. Do not trust the value of hidden fields, do not trust that they have not changed the length, do not trust that they have not added new values (e.g. to a drop down), do not trust any validation that has been done in Javascript, etc.
Some examples: