[thelist] Interesting - maybe already known - vulnerability of maxlength in MSIE and Opera

Christian Heilmann codepo8 at gmail.com
Mon Feb 6 11:40:25 CST 2006

Check this out:

When you have a password field with a maxlength attribute and you
change the value via JavaScript, you can submit passwords longer than
the maximum length in MSIE and Opera. Firefox cuts the password off. I
will check Safari later from home.

I always knew that maxlength is untrustworthy, it has shifty eyes if
you look closer!

Chris Heilmann
Blog: http://www.wait-till-i.com
Writing: http://icant.co.uk/
Binaries: http://www.onlinetools.org/

More information about the thelist mailing list