Funkcionalnosć toś togo sedła se pśez wótwardowańske źěła wobgranicujo, kótarež maju wašo dožywjenje pólěpšyś. Jolic nastawk waš problem njerozwězujo a cośo pšašanje stajiś, wobrośćo se na našo zgromoźeństwo pomocy, kótarež na to caka, wam na @FirefoxSupport na Twitter a /r/firefox na Reddit pomagaś.

Pomoc pśepytaś

Glědajśo se wobšudy pomocy. Njenapominajomy was nigda, telefonowy numer zawołaś, SMS pósłaś abo wósobinske informacije pśeraźiś. Pšosym dajśo suspektnu aktiwitu z pomocu nastajenja „Znjewužywanje k wěsći daś“ k wěsći.

Dalšne informacije

Does Firefox address autofill fill in inputs that are hidden with CSS? If so, should it?

  • 4 wótegrona
  • 1 ma toś ten problem
  • 2 naglěda
  • Slědne wótegrono wót regularmike

more options

I ran into an issue today where a honeypot field in a form I created was populated by the Firefox address autofill feature. This was causing a form submission to be rejected for a human user who was trying to register on my website. The field was a normal input element of type "text" but the containing div was hidden with CSS. When I tested the form with Chrome and Edge's address autofill feature it didn't populate it. Is there a reason this behavior is different in Firefox? Does it also fill in inputs of type "hidden?"

I ran into an issue today where a honeypot field in a form I created was populated by the Firefox address autofill feature. This was causing a form submission to be rejected for a human user who was trying to register on my website. The field was a normal input element of type "text" but the containing div was hidden with CSS. When I tested the form with Chrome and Edge's address autofill feature it didn't populate it. Is there a reason this behavior is different in Firefox? Does it also fill in inputs of type "hidden?"

Wšykne wótegrona (4)

more options

Perhaps you're right. You can read some discussions about it under these bug reports:

more options

There are some interesting points made in the first report. "Hidden" is indeed hard to define. However, not filling an input that appears to be hidden seems a lot safer than filling it. If there is a CSS rule to hide an input or its parent element I wish it would just err on the side of caution and not fill it like the other clients seem to.

more options

That is certainly a point one could add to one of the relevant bug reports.

more options

Good idea. Done. This was resolved for me by using a name that's unrelated to address information for my honeypot field.