We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Подробнее

Does Firefox address autofill fill in inputs that are hidden with CSS? If so, should it?

  • 4 ответа
  • 1 имеет эту проблему
  • 1 просмотр
  • Последний ответ от regularmike

more options

I ran into an issue today where a honeypot field in a form I created was populated by the Firefox address autofill feature. This was causing a form submission to be rejected for a human user who was trying to register on my website. The field was a normal input element of type "text" but the containing div was hidden with CSS. When I tested the form with Chrome and Edge's address autofill feature it didn't populate it. Is there a reason this behavior is different in Firefox? Does it also fill in inputs of type "hidden?"

I ran into an issue today where a honeypot field in a form I created was populated by the Firefox address autofill feature. This was causing a form submission to be rejected for a human user who was trying to register on my website. The field was a normal input element of type "text" but the containing div was hidden with CSS. When I tested the form with Chrome and Edge's address autofill feature it didn't populate it. Is there a reason this behavior is different in Firefox? Does it also fill in inputs of type "hidden?"

Все ответы (4)

more options

Perhaps you're right. You can read some discussions about it under these bug reports:

more options

There are some interesting points made in the first report. "Hidden" is indeed hard to define. However, not filling an input that appears to be hidden seems a lot safer than filling it. If there is a CSS rule to hide an input or its parent element I wish it would just err on the side of caution and not fill it like the other clients seem to.

more options

That is certainly a point one could add to one of the relevant bug reports.

more options

Good idea. Done. This was resolved for me by using a name that's unrelated to address information for my honeypot field.