I am writing a web system on a certain domain with a log-in dialog.
The system lies on an address
http://www.example.com/systemB/
However, there is a different system at address
http://www.example.com/systemA/
that uses a different log-in dialog, with different credentials. (Users who use systemB often use systemA too.)
Most browsers, however, automatically take the credentials from http://www.example.com/systemA/ and auto-fill them in the http://www.example.com/systemB/.
Can I write the website in such a way, that the dialog won't be autofilled from the systemA automatically, but the auto-fill will still be allowed? (For example, write some "auto-fill domain".)
I know I can ues autocomplete="off", but I don't want to turn it off outright.
You can try set empty value to the fields from systemA (value=""). When the user open it, the fields are empty but if he click on them, there will be autofill recommendations.
Related
I use few websites on which i would like to remember username and password.
Login mechanism is divided on two steps, in first user gives username and in next step password. Firefox remembers both of them but in next login try, username is not filled so I must fill it manually. It doesn't propose any values even if I start typing. Its not my website so I can't modify code to the working state. There is possibility that owner made it as intended but I don't care. I want to have autofill both fields, not only password field. It's my credentials, not owner of website. I have found some javascript code running as a bookmark
javascript:(function(){var fm=document.getElementsByTagName('form');for(i=0;i<fm.length;i++){fm[i].setAttribute('autocomplete','on');}})()
and it even worked for some time on one of these problematic websites (autofill proposed me a value after typed first letter) but now it doesn't work any longer.
The problematic website i want to have fully working autofill is
h**ps://www.orange.pl/twojekonto/zaloguj
Is there anything I can do to force it? Maybe other javascript inject by bookmark? I am using Firefox 91.0.2.
How can I prevent a user from making a modification to the value being entered into an element, say input ,
For example, if I have an input for the invoice number, I do not want the user to modify it through the web developer tools available in Internet browsers such as Chrome, Firefox and others through the (Inspect) feature.
I tried to hide the element but I don't want to hide it, I just want to show it and not modify it.
I used hidden, as well as for readers only, but the user can cancel the read-only feature
for example :
enter image description here
It is possible to use hidden but it will cause a problem for my tables I don't want to duplicate items, as I will have to create an item for the product price that is visible and another item with the same data but hidden
You can't control what information the user sends to the server.
You need to perform authentication and authorization on the server.
If the server sends a request which, for example, says "Mark invoice 12345 as paid" then you need to check that the logged in user is a user who has permission to order that that particular invoice be marked as paid.
I have two whitelisted domains in my organization, and I have a form that should not be fillable by any user in one of those domains. The form automatically collects the full address of the user. So... anybody#domain1.com should be able to open the form, fill it out, and submit it. everyone#domain2.com should be blocked in some way from filling and sending the form. Remember, they're not entering an e-mail address; the address is simply auto-filled via normal GForm rules.
I'm starting to look into using Google script to do this somehow, but am unfamiliar with it - thought dropping a question here while I look would be beneficial.
I want to achieve this: when I open specific url (there is roundcube login page) in Chrome on desktop, I want to have username prefilled (or at least when I start typing "h" it should show me ability to use username hello#something.dom - this way I have it on Android in chrome).
Any idea how to do this please and set it up in chrome on desktop? (I do not want to save username and password in Password settings in Chrome, I just need to get ability to choose from previously used or stored prefill value, so I do not need to type it again and again many times per day)
Thank you!
This was actually done in 2010 as part of GitHub issue 3044.
You can append the GET parameters _user or _host to prefill these fields. It's not implemented for the password field for obvious reasons.
https://mail.mycompany.example/?_user=hello%40something.dom
How can we submit a form without Javascript and not by pressing any buttons?
I need to transfer a content to another file when a function works under certain conditions. Both the files are written in Perl. The pages are loaded in a webserver(same). I need to transfer a value, which the user doesn't want to know what I'm sending. So I came up with the post method is safe.
But there I didn't find any ways to redirect a URL where the values are transmitted in post method. So I came up with the form submission. But the problem is I need to use javascript or make user to press a button to complete the task.
The problem with Js is there some users who disable JS in their browsers.
So using it is not preferable. With the button,
I can't make the user to do that for me.
Is there any other scripting language, which supports such functionality?
There are some conditions that I can't use session
What I did is encryption for identifying the user from knowing what data is transmitted. The receiving page will decrypt it when it is required. But it's not what I needed.
I need to transfer a value, which the user doesn't want to know what I'm sending. So I came up with the post method is safe.
It isn't. If you pass it through the user's browser, then the user can see it.
Is there any other scripting language, which supports such functionality?
No. There is no programming language as well supported in browsers as JavaScript, and none that are harder to disable then JS.
Store the value on the server (you could use a session) and redirect the user with a normal 302 status and Location header. You can pass a session token via cookies or the query string.
You can't make a user do anything, unless you're writing for a browser the equivalent of a trojan.
But secondly, without something on the client side, you can't ensure that you can get information that you didn't have when you sent the page.
You could place some links, and know which links they clicked on by passing it through a central tracking program, but those links wouldn't have anything in them that didn't originate on the server without client script running.
Still, despite that you can entice a user to click on a link more than a simply functional button, in either case you can't get guaranteed new information from them. They can always close the tab, close the browser, or press the back button. This goes back to point #1: you can't make users do anything.