[thelist] "Non-3d" form boxes

jeff jeff at members.evolt.org
Mon Dec 4 13:50:19 CST 2000


matt,

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: From: M. Hannan
:
: All form elements are unhideable.  Try and put a layer
: over top of a form element and see what happens....the
: form comes shining through.  CSS is not a security issue
: but a hidden form could be (you could hit the Enter key
: (Alt-Cmd-DownArrow-Squiggly on the Mac) and submit
: something unknowingly.
:
: Am I making sense now?
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

no, not really.  what would you call this?

<input type="hidden" name="foo" value="bar">

or this?

<input type="text" name="foo2" value="bar2" style="display:none">

in my experience (which does not include macs) is that all form elements
(the <select> being the exception in *some* browsers) can have layers over
top of them without the form element showing through.  the reason the
<select> shows through is because it's a "windowed element".  iframes,
objects, and applets fall into this category as well.  now, also in my
experience i've not had any difficulty covering a <select> and not having it
show through, but that could just be me.

again, i don't think this has anything to do with security.

<tip type="form wackiness" author=".jeff">

think you're a big-playin' js/dhtml-guru and have come up with a way to
wrestle that ugly file input into submission?  i bet you're thinking about
just setting it's display to none and calling it's click event (which brings
up the browse dialogue) from something else on the page.  i've got $50 that
says you won't be able to explain why your form never uploads any files.

want the answer without trying it yourself?  it seems that if a file input
receives a call to it's click() method that the form element will magically
clear itself when you click the submit button and halt submission requiring
a second click on the submit button, this time causing nothing to be
uploaded.

known affected setups?

ie5.0 on both win2k and win98

</tip>

good luck,

.jeff

name://jeff.howden
game://web.development
http://www.evolt.org/
mailto:jeff at members.evolt.org





More information about the thelist mailing list