Forum Moderators: open
<html>
<form name=login>
<input type=hidden name=username>
<input type=checkbox name=remember>
</form>
<form name=autologin>
<input type=hidden name=username value='michaelbluejay'>
</form>
<script type=text/javascript>
alert(document.login.username.value);
</script>
</html>
The alert says "michaelbluejay"!
BUT, if you rename either form to just about everything else, it works as expected. I thought that maybe the problem was that the name of one form was a subset of the other, but other subsets didn't produce the same problem. I also tried enclosing the form names in quotes, no difference. It also doesn't seem to matter whether I explicitly set the first field's value to value=''.
That's not all! If I rename the first form to something else to get it to work (say, "fred"), then remove the line for the checkbox field, Firefox gives the Javascript error: "document.fred has no properties". I take out an unrelated form field, and suddenly the form has no properties?!
Didn't get these problems in IE5/Mac, the only other browser I can test at the moment. (My Safari is broken and won't show alerts, and my Windows machine is down at the moment.)
Weird.
Note, a better method might be to give your inputs an id and then refer to them directly. Using named forms is soooooo 90's. :-)
OK, yes, it's a bug, and a serious and unfixed one at the time of writing:
The flaw allows a maliciously crafted page to auto-fill a form with credentials intended for another site. Apparently, there is no warning in Firefox 2.0 or previous versions that the credentials are being pulled for the wrong site and submitted to a third party.
Details of the flaw first became public this week. Mozilla developers do not yet have a fix.
In your case, you have a saved password (perhaps for this site) which is being auto-filled by Firefox when you use an input with the same name attribute.
If I rename the first form to something else to get it to work (say, "fred"), then remove the line for the checkbox field, Firefox gives the Javascript error: "document.fred has no properties".
Did you also change this
alert(document.login.username.value);
to this?
alert(document.fred.username.value);
I'm sure there's a list out there but am cautious to avoid names that might present problems. Try naming any object "search" and see what happens.
Did you also change this
alert(document.login.username.value);to this?
alert(document.fred.username.value);
Yep.
Seems like the problem might have been autofill, which I wouldn't see since the fields were hidden.
Anyway, I ran across this bug when trying to troubleshoot another problem. And I fixed THAT problem by realizing I had nested <forms>. Unnesting them did the trick. So now that my pages work I'm no longer interested in solving the bug I posted about in this thread, I wasted enough time on it already.
Yeah, I know that referring to forms by name instead of ID is so 90's, but I like to think I'm honoring Cake, Filter, the Toadies, Everclear, and Foo Fighters by doing it that way.
