- From: Mike Wexler <mwexler@frame.com>
- Date: Fri, 23 Feb 1996 10:37:58 -0800
- To: Dan Delaney <dgdela01@homer.louisville.edu>
- Cc: www-html@w3.org
I'm all for having the ability to auto enter these common fields, but if you
think "the bad guys" are going to limit there ploys to get information
that you don't want to give to using type="hidden", your missing
a lot of other possibilities. What if somebody sets the background color
of there page to black and sets the foreground color of the type-in field
to black? You'll never see it. What if the form looks like it has only a
few entries on it, but there are 10,000 blank lines followed by some
extra fields? I can think of several other ways to accomplish this.
This is probably beyond the scope of such a spec, but a browser could
do something like say
I'm about to fill in your name, address, city, state, zip,
credit card number, expiration date, and social security number.
If you press a submit button this information will be submitted
to http://crime.org/cgi-bin/gotcha.pl. By the way, this
information will be sent over an unsecure link.
---
|X| Warn me again next time.
---
<OK> <CANCEL> <HELP>
> On Fri, 23 Feb 1996, Mary Holstege wrote:
> > those of us on the more paranoid side are instead imagining forms such as t
his
> > <form action="/cgi-bin/laughing-all-the-way-to-bank">
> > <input type="hidden" name="social-security-number">
> > <input type="hidden" name="date-of-birth">
> > <input type="hidden" name="visa-number">
> > <input type="hidden" name="visa-expiration">
>
Received on Friday, 23 February 1996 13:38:22 UTC