Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Firefox caches hidden inputs

Tags:

html

autocomplete

input

hidden-field

I have a hidden input field in my form. I noticed that if that field's value is changed by javascript, and then the user refreshes the page, that same value will be set when the page reloads. From what I've seen, this only happens in Firefox.

I've solved this unwanted behaviour by adding autocomplete="off" to that hidden input, but W3C doesn't like this solution, and if i validate the page I get the error:

Attribute autocomplete not allowed on element input at this point.

Apparently, the autocomplete attribute works only on specific inputs - see here.

So is there any solution that will satisfy both W3C and Firefox?

like image 236
tamir Avatar asked Mar 20 '12 12:03

tamir

People also ask

What are hidden inputs?

Definition and Usage. The <input type="hidden"> defines a hidden input field. A hidden field lets web developers include data that cannot be seen or modified by users when a form is submitted. A hidden field often stores what database record that needs to be updated when the form is submitted.

Are hidden inputs safe?

Since they are not rendered visible, hidden inputs are sometimes erroneously perceived as safe. But similar to session cookies, hidden form inputs store the software's state information client-side, instead of server-side. This makes it vulnerable.

How do I hide hidden fields in inspect element?

It is not possible to hide elements from the DOM inspector, that would defeat the purpose of having that tool. Disabling javascript is all it would take to bypass right click protection. What you should do is implement a proper autologin.

2 Answers

To validate (which I wouldn't put as much effort into as you are) I think you could use autocomplete="off" on the entire form, then turn it back on selectively, like this:

<!DOCTYPE html>
<html>
<head>
    <title>TEST</title>
</head>
<body>
    <form autocomplete="off">
        <input type="hidden" name="test">
        <input type="text" name="otherfield" autocomplete="on">
    </form>
</body>
</html>

I initially thought this was a Firefox bug but after discussion with robertc in the comments, I think expected behavior depends on specific use cases. The spec doesn't allow autocompletion on hidden fields so my first reaction still feels right, but Firefox's implementation might have some good arguments to support it. Please comment.

like image 170
jmlnik Avatar answered Nov 13 '22 17:11

jmlnik

Alternatively, you could use <input type="text" style="display: none;" autocomplete="off" /> instead. It's a bit of a hack, but it should work!

The caching in Firefox is actually quite a good feature a lot of the time, but it does cause some problems when you build more dynamic forms.

like image 40
Moo Avatar answered Nov 13 '22 16:11

Moo
Sign in to Comment

Related questions

<asp:Table> Vs html <table> [closed]
HTML5 video on iPad
Are self-closing input tags valid in HTML 4?
Firefox: box-sizing and min-height
Android-- PhoneGap/WebView ignores viewport meta tags?
Position fixed content overlapping problem
HTML5 File API: FileReader.readAsText() returns "undefined"
Prevent browser converting '\n' between lines into space (for Chinese characters)
article, section or div for list of products?
Request a file with a custom header
checkValidity to update UI
Bad values in meta tags
Is there an html tag that does not have any effect on an html document?
Orphan CSS: How avoid headers (h1, h2...) on bottom page?
Using Firebase with Electron
Insert the folium maps into the jinja template
Bootstrap 4 - Nav - Hiding extra menu items
Zooming with canvas
How to find out if an element overflows (with jQuery)?
Android 4.0.1 breaks WebView HTML 5 local storage?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!