Don't modify hidden/disabled/readonly fields

NEW
Unassigned

Status

()

4 years ago
2 years ago

People

(Reporter: MattN, Unassigned)

Tracking

(Blocks: 1 bug)

Trunk
Points:
2
Bug Flags:
firefox-backlog +

Firefox Tracking Flags

(Not tracked)

Details

They may still have @autocomplete and provide hints for which profile to use but we should never modify the value of them.
Flags: firefox-backlog+
Summary: Don't modify hidden/disabled fields → Don't modify hidden/disabled/readonly fields

Updated

4 years ago
Points: --- → 2
Whiteboard: p=2
(In reply to Matthew N. [:MattN] (PM me if requests are blocking you) from comment #0)
> They may still have @autocomplete and provide hints for which profile to use
> but we should never modify the value of them.

I can't tell - does this mean hidden fields could still auto-fill? There's a well-publicized phishing vector in that case: https://github.com/anttiviljami/browser-autofill-phishing
You need to log in before you can comment on or make changes to this bug.