Autofill clear_on_hide problem

  • Resolved WSO.host

    (@buzznot99)


    5 years, 10 months ago

    The clear_on_hide issue still happens if the user’s browser uses autofill. It seems a hidden field can be autofilled and submitted even if it isn’t visible! This results in some whacky looking output where fields that were never visible are filling in. This is not only confusing, but the user could be unknowingly submitting data that they don’t want to submit. Please look into this. If you need more info, please let me know.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Jules Colle

    (@jules-colle)

    as the name states, clear_on_hide will only clear fields when a group changes state from visible to hidden. so what you are asking for is not related to this function. What you should be doing is use conditional tags in the output email, too make sure only the data from the visible groups during form submission are shown.

    Apart from this, i agree that the browser auto filling hidden fields is not okay. But I feel this is partly the browser’s responsibility. A browser can easily detect if a certain field is visible and should not allow to input data automatically in hidden fields. This is something that should be reported as security issue. Anybody with bad intentions could code up a form with only the name field, and then have hundreds of other fields placed in a hidden div. you wouldn’t need the conditional fields plugin to do this.. I’ll check this issue and see which browser’s are implementing the autofill all wrong. I really hope the is some awareness about this

    Thread Starter WSO.host

    (@buzznot99)

    Agreed, this isn’t directly your issue. Also didn’t realize your plugin could be used in the output email, that is what you are saying, correct? If so that will be very useful.

    As for this being a general security issue, it really does seem to be. Seems people are out there talking about it:
    https://www.digitaltrends.com/computing/browser-bug-can-fill-in-personal-information-in-hidden-fields/

    Is there a way for your plugin to know if a field was autofilled or entered by hand? I assume not without javascript “watching” while the user fills out the form and then sending that info along during submission. If you could figure it out and null autofilled hidden fields, that would be useful. But this is probably beyond the scope of your plugin. Thanks for thinking about the issue.

    Plugin Author Jules Colle

    (@jules-colle)

    Well.. I could go ahead and include some script that looks for changing values in hidden fields and reverts them automatically. But this will do more harm than good. When I think about this I can clearly picture a developer pulling out his/her hair trying to figure out why the nifty little script they wrote to update values inside a hidden group is not working, googling desperately for: “How to update hidden fields” and “Why does javascript suck so hard”, before finally realizing that my plugin is undoing all his efforts and leaving a shitty 1-star rating and ending up hating wordpress for the rest of his/her life.

    Maybe a bit over-dramatic. But I guess if you want to make sure hidden fields don’t get auto completed, it’s probably better to leave it to the users of the plugin to implement their own javascript solution to cancel this.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Autofill clear_on_hide problem’ is closed to new replies.