[thelist] Interesting - maybe already known - vulnerability of maxlength in MSIE and Opera

[kasimir-k]

Christian Heilmann scribeva in 06/02/2006 17:40:
> http://icant.co.uk/sandbox/maxlength.php
...
> Firefox cuts the password off.

It sure does, so with Firefox one has to use "Remove Maximum Lengths" 
feature of the Web Developer Toolbar...

Or save the page, edit the form, open the modified page and submit.

> I always knew that maxlength is untrustworthy,

Indeed it is - and I'd go a bit further saying: clientside is untrustworthy.

A good reminder to always check any user input on the server side.

.k