W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2008

[whatwg] Solving the login/logout problem in HTML

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 26 Nov 2008 12:19:19 +0100
Message-ID: <492D30B7.7050404@gmx.de>
Ian Hickson wrote:
> ...
> On Wed, 26 Nov 2008, Julian Reschke wrote:
>>> Do you have a concrete example where the login form is complex in a 
>>> manner where the fields can't be identified and there is reason to 
>>> believe that a bot will want to authenticate but won't have been given 
>>> enough information to do so?
>> Well, it was you stating that the form could be arbitrarily complex.
> 
> It can, yes. HTML allows arbitrarily complex forms, and we don't want to 
> limit login forms to just two fields and a button. (I regularly log in to 
> systems where the login forms are two text fields and a checkbox, or two 
> text fields and a drop down, or five or so text fields. But in none of 
> these cases would I personally expect a bot to ever have my credentials.)
> ...

Yes. So wouldn't it make sense to address the common use case so that it 
doesn't require the "bot" (the non-HTML UA) to parse the response body?

BR, Julian
Received on Wednesday, 26 November 2008 03:19:19 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:07 UTC