- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 26 Nov 2008 12:19:19 +0100
Ian Hickson wrote: > ... > On Wed, 26 Nov 2008, Julian Reschke wrote: >>> Do you have a concrete example where the login form is complex in a >>> manner where the fields can't be identified and there is reason to >>> believe that a bot will want to authenticate but won't have been given >>> enough information to do so? >> Well, it was you stating that the form could be arbitrarily complex. > > It can, yes. HTML allows arbitrarily complex forms, and we don't want to > limit login forms to just two fields and a button. (I regularly log in to > systems where the login forms are two text fields and a checkbox, or two > text fields and a drop down, or five or so text fields. But in none of > these cases would I personally expect a bot to ever have my credentials.) > ... Yes. So wouldn't it make sense to address the common use case so that it doesn't require the "bot" (the non-HTML UA) to parse the response body? BR, Julian
Received on Wednesday, 26 November 2008 03:19:19 UTC