Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Does Firefox address autofill fill in inputs that are hidden with CSS? If so, should it?

  • 4 antwurd
  • 1 hat dit probleem
  • 2 werjeftes
  • Lêste antwurd fan regularmike

more options

I ran into an issue today where a honeypot field in a form I created was populated by the Firefox address autofill feature. This was causing a form submission to be rejected for a human user who was trying to register on my website. The field was a normal input element of type "text" but the containing div was hidden with CSS. When I tested the form with Chrome and Edge's address autofill feature it didn't populate it. Is there a reason this behavior is different in Firefox? Does it also fill in inputs of type "hidden?"

I ran into an issue today where a honeypot field in a form I created was populated by the Firefox address autofill feature. This was causing a form submission to be rejected for a human user who was trying to register on my website. The field was a normal input element of type "text" but the containing div was hidden with CSS. When I tested the form with Chrome and Edge's address autofill feature it didn't populate it. Is there a reason this behavior is different in Firefox? Does it also fill in inputs of type "hidden?"

Alle antwurden (4)

more options

Perhaps you're right. You can read some discussions about it under these bug reports:

more options

There are some interesting points made in the first report. "Hidden" is indeed hard to define. However, not filling an input that appears to be hidden seems a lot safer than filling it. If there is a CSS rule to hide an input or its parent element I wish it would just err on the side of caution and not fill it like the other clients seem to.

more options

That is certainly a point one could add to one of the relevant bug reports.

more options

Good idea. Done. This was resolved for me by using a name that's unrelated to address information for my honeypot field.