Login/Register
Do all browsers ignore nameless input fields?
Asked Answered
Solved htmlhttp-postformsinput-fieldname-attribute
A

2

5

Is it guaranteed that a browser doesn't send an input element if it doesn't have the name attribute specified?

For example, can we assume that POSTing the form below won't send the credit card number?

<form action="/process" method="post">
  <input id="credit-card-number" type="text">
  <input type="submit" name="commit" value="Go">
</form>
Alinaaline answered 8/10, 2012 at 15:24 Comment(3)
Impossible to say whether "all browsers" handle the spec correctly. But all browsers that matter do.Mantel
What makes you ask this? Prompting for a credit card number looks risky, so why would you do that if you don’t want to send it?Vernievernier
@JukkaK.Korpela By not sending credit card information to your server the PCI-compliance criteria is significantly dropped. In this case, we validate other order information over AJAX. Once validated, we generate a hidden credit card form on the fly which we send to the gateway provider, thus dodging the huge responsibility.Alinaaline
F
11

Is it guaranteed that a browser doesn't send an input element if it doesn't have the name attribute specified?

Yes (unless you muck about with JavaScript to change that).

The specification is quite clear that controls without names cannot be successful.

A successful control must be defined within a FORM element and must have a control name.

Firdausi answered 8/10, 2012 at 15:25 Comment(0)
S
0

The standard says that to send an input it should be a successful "control."

If a control doesn't have a name it's not a successful "control," so it should not be sent.

See http://www.w3.org/TR/html401/interact/forms.html

Septarium answered 8/10, 2012 at 15:28 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.