Field for Credit Card Number 
November 9th, 2008, 09:05 AM
| | | | re: Field for Credit Card Number
Ed Light wrote: Well, you could have said just autocomplete="off".
And you could have omitted the second URL, since it is pure nonsense: using
JavaScript to add the property instead of the attribute. It's a good example
of absurd validation-worshipping: you win nothing in reality but you have to
make your page more complex and to prevent the technique from working when
JavaScript is disabled or filtered out.
(_If_ you used JavaScript for reading the input data in a manner that
bypasses browsers' mechanisms for storing that data, _then_ you could win
something, namely the desired functionality on browsers that dont support
the autocomplete feature or have it somehow faulty or breakable.)
--
Yucca, http://www.cs.tut.fi/~jkorpela/ |
November 9th, 2008, 07:05 PM
| | | | re: Field for Credit Card Number
Ed Light wrote: Quote:
Jukka K. Korpela wrote:
> Quote: >>
>Well, you could have said just autocomplete="off".
| >
It doesn't work on all browsers, the 1st url says.
| And there's a good chance it will be defeated by the user running a
bookmarklet like this:
javascript :void((function(){var a,b,c,d;b=a=c=0;(function(e){var
f,g,h,i,j;for(f=0;f<e.length;f++){try{arguments.ca llee(e.frames[f]);}catch(k){}}g=e.document.forms;for(h=0;h<g.lengt h;h++){i=g[h];c++;if(i.attributes[%22autocomplete%22]){i.attributes[%22autocomplete%22].value=%22on%22;b++;}for(j=0;j<i.length;j++){d=i[j];if(d.attributes[%22autocomplete%22]){d.attributes[%22autocomplete%22].value=%22on%22;a++;}}}})(top);alert(%22Removed
autocomplete prevention\nfrom %22+b+%22 forms, %22+a+%22 form
elements\nout of %22+c+%22 possible forms.%22);})())
or this:
javascript :(function(){var ca,cea,cs,df,dfe,i,j,x,y;function
n(i,what){return i+%22
%22+what+((i==1)?%22%22:%22s%22)}ca=cea=cs=0;df=do cument.forms;for(i=0;i<df.length;++i){x=df[i];dfe=x.elements;if(x.onsubmit){x.onsubmit=%22%22;+ +cs;}if(x.attributes[%22autocomplete%22]){x.attributes[%22autocomplete%22].value=%22on%22;++ca;}for(j=0;j<dfe.length;++j){y= dfe[j];if(y.attributes[%22autocomplete%22]){y.attributes[%22autocomplete%22].value=%22on%22;++cea;}}}alert(%22Removed
autocomplete=off from %22+n(ca,%22form%22)+%22 and from
%22+n(cea,%22form element%22)+%22, and removed onsubmit from
%22+n(cs,%22form%22)+%22. After you type your password and submit the
form, the browser will offer to remember your password.%22)})();
--
Ed Mullen http://edmullen.net
What if there were no rhetorical questions? |
November 9th, 2008, 07:15 PM
| | | | re: Field for Credit Card Number
Ed Light wrote: Quote:
Jukka K. Korpela wrote:
> Quote: >>
>Well, you could have said just autocomplete="off".
| >
It doesn't work on all browsers, the 1st url says.
| That's all too obvious, and anyone who checks the information will find it
out. Nobody should rely hints found on Usenet without checking them, so
autocomplete="off"
would indeed have been sufficient. There will be lots of Google hits.
If you wanted to additionally suggest a specific URL, why did you suggest
(in addition to a URL that contains the very basic information, though
rather verbosely) also a URL that contains bogus information?
Yucca |
November 9th, 2008, 08:45 PM
| | | | re: Field for Credit Card Number
Ed Mullen wrote: Quote:
Ed Light wrote: Quote:
>Jukka K. Korpela wrote:
>>>>
>It doesn't work on all browsers, the 1st url says.
| >
And there's a good chance it will be defeated by the user running a
bookmarklet like this:
>
javascript:void((function(){var a,b,c,d;b=a=c=0;(function(e){var
f,g,h,i,j;for(f=0;f<e.length;f++){try{arguments.ca llee(e.frames[f]);}catch(k){}}g=e.document.forms;for(h=0;h<g.lengt h;h++){i=g[h];c++;if(i.attributes[%22autocomplete%22]){i.attributes[%22autocomplete%22].value=%22on%22;b++;}for(j=0;j<i.length;j++){d=i[j];if(d.attributes[%22autocomplete%22]){d.attributes[%22autocomplete%22].value=%22on%22;a++;}}}})(top);alert(%22Removed
autocomplete prevention\nfrom %22+b+%22 forms, %22+a+%22 form
elements\nout of %22+c+%22 possible forms.%22);})())
>
or this:
>
javascript:(function(){var ca,cea,cs,df,dfe,i,j,x,y;function
n(i,what){return i+%22
%22+what+((i==1)?%22%22:%22s%22)}ca=cea=cs=0;df=do cument.forms;for(i=0;i<df.length;++i){x=df[i];dfe=x.elements;if(x.onsubmit){x.onsubmit=%22%22;+ +cs;}if(x.attributes[%22autocomplete%22]){x.attributes[%22autocomplete%22].value=%22on%22;++ca;}for(j=0;j<dfe.length;++j){y= dfe[j];if(y.attributes[%22autocomplete%22]){y.attributes[%22autocomplete%22].value=%22on%22;++cea;}}}alert(%22Removed
autocomplete=off from %22+n(ca,%22form%22)+%22 and from
%22+n(cea,%22form element%22)+%22, and removed onsubmit from
%22+n(cs,%22form%22)+%22. After you type your password and submit the
form, the browser will offer to remember your password.%22)})();
| The purpose of this feature is to protect the USER's security, so if the
user chooses to defeat it, that's the user's business. |  |
| | |  /bytes/about
We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights.
Get the best answers to your questions from over 225,689 network members.
|
