Watch out for Autocomplete
I ran into a funny problem today that had to do with the Autocomplete feature in Firefox. If I had autocomplete turned off on my computer it would have been very hard to debug this issue, but I quickly realized that autocomplete was the problem.
Suppose you have a backend app to manage users. You have a login for that looks like this:
<label for="username">Username</label> <input type="text" name="username" id="username" />
Now if you also have an edit user form with the same code, autocomplete will fill in the username you used to login with into the username field. This is not a problem if your editing your own username, but if you want to edit someone else, then you have a problem.
So at first I thought I could fix this by changing the
name attribute on the
input tag, but this didn't work. You have to change the
Another way to fix this is to set
autocomplete="off" in your
input tag. But that is a non standard attribute, and breaks HTML validation.
- Turn off autocomplete for credit card input - October 7, 2005
- Blocking Mozilla / Google Prefetch - April 6, 2005
- Where are my ALT tooltips in Firefox - March 11, 2005
Simply place a hidden password field, with no name, at the start of your form - this seems to trick firefox into thinking that this is the main password field, but as there's no name it a) doesn't get set and b) doesn't get submitted!
- Updating Java on ColdFusion or Lucee
- ColdFusion returning empty response with server-error: true
- Careful applying CF11u16, CF2016u8, CF2018u2
- Sessions don't work in Chrome but do in IE
- csrfVerifyToken does not invalidate the token
- The cf_sql_ is optional in cfqueryparam
- Cookie Expires / Max-Age 1969-12-31T23:59:59.000Z
- Burst Throttling on AWS API Gateway Explained