Safari auto-fill considered harmful

The buggy form auto-fill feature in Safari has gotten me into trouble in the past, as I already reported. But here is another nasty strike that just happened while I was adding a comment on this site:

[Image: safariautofill.gif]

As you can see, had I not seen the pre-filled URL, I would have spammed my own weblog! It's lucky I caught it before submitting the form, as normally this information is pre-filled using a cookie. I guess that Safari decided that the URL field had to be filled with the information of the last comment-spam I had deleted before.

If you are using the auto-fill feature in Safari, you'd better double-check what it decides to fill in by itself!

Update: in the AutoFill Web Forms preferences, I unchecked Other Forms to prevent Safari from filling out anything but personal info and authentication forms. It didn't prevent Safari from continuing to autofill "other forms" as usual (like when I delete a comment spam on MT). I really don't like that.

2 Comments

My personal rule:

"Never use autofill, it is a security flaw in the various browsers".

Each time I help somebody to install or reinstall his computer and the dialog "Do you want autofill" shows up, I click "No" and I explain why.
