Watch out for Autocomplete
I ran into a funny problem today that had to do with the Autocomplete feature in Firefox. If I had autocomplete turned off on my computer it would have been very hard to debug this issue, but I quickly realized that autocomplete was the problem.
Suppose you have a backend app to manage users. You have a login form that looks like this:
<label for="username">Username</label> <input type="text" name="username" id="username" />
Now if you also have an edit user form with the same code, autocomplete will fill the username field with the username you used to log in. This is not a problem if you're editing your own username, but if you want to edit someone else's, you have a problem.
So at first I thought I could fix this by changing the name attribute on the input tag, but this didn't work. You have to change the
Another way to fix this is to set autocomplete="off" in your input tag. But that is a non-standard attribute, and breaks HTML validation.
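A check for the situation described above, as an added example that is not code from the original post: it scans form markup and reports text or password inputs in edit forms that the browser is still free to prefill. The sample markup, the form ids and the function names are assumptions made for illustration.

```javascript
// Added example: sample markup is constructed; form ids are assumptions.
const SAMPLE = `
<form id="login" action="/login" method="post">
  <label for="username">Username</label>
  <input type="text" name="username" id="username" />
  <input type="password" name="password" id="password" />
  <input type="submit" value="Log in" />
</form>
<form id="edit-user" action="/users/edit" method="post">
  <input type="hidden" name="user_id" value="42" />
  <input type="text" name="username" id="username" autocomplete="off" />
</form>
<form id="edit-user-unfixed" action="/users/edit" method="post">
  <input type="text" name="username" id="username" />
</form>`;

// Parse double-quoted attributes from one tag. Good enough for simple,
// well-formed markup; this is not a full HTML parser.
function attrs(tag) {
  const out = {};
  for (const m of tag.matchAll(/([a-zA-Z-]+)\s*=\s*"([^"]*)"/g)) {
    out[m[1].toLowerCase()] = m[2];
  }
  return out;
}

// Return text/password inputs in the named forms that the browser is
// still free to prefill (no autocomplete="off" on the input or its form).
function findPrefillableFields(html, formIds) {
  const findings = [];
  for (const f of html.matchAll(/(<form\b[^>]*>)([\s\S]*?)<\/form>/gi)) {
    const form = attrs(f[1]);
    if (!formIds.includes(form.id)) continue;
    for (const i of f[2].matchAll(/<input\b[^>]*>/gi)) {
      const a = attrs(i[0]);
      const type = (a.type || "text").toLowerCase();
      if (type !== "text" && type !== "password") continue;
      // An attribute on the input takes precedence over the form's.
      const setting = (a.autocomplete ?? form.autocomplete ?? "").toLowerCase();
      if (setting !== "off") findings.push({ form: form.id, field: a.name });
    }
  }
  return findings;
}

console.log(findPrefillableFields(SAMPLE, ["edit-user", "edit-user-unfixed"]));
```

Browsers' password managers may still offer saved credentials on fields marked this way, so the check covers form-history autofill only.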
Simply place a hidden password field, with no name, at the start of your form - this seems to trick Firefox into thinking that this is the main password field, but as there's no name it a) doesn't get set and b) doesn't get submitted!