
Can users manipulate values from read-only fields using JavaScript or any other way?

I have a simple HTML form below that has the regno field set as readonly. Is it possible for any user to somehow change the values that are being sent?

I read about XSS attacks, how scripts are submitted in user forms to steal cookies etc., so is it also possible for users to manipulate the values that are submitted in read-only fields of forms?

Here is my sample code:

Register Number :<input type="text" name="regno" value="007" readonly = "readonly" />

And sample PHP code to display the values:

<?php
   foreach($_POST as $value){
     $str=htmlspecialchars(trim($value));
     echo $str;
   }
?>

Is it possible for users to still manipulate the value?

Can a regular user with no malicious intent change the value of a read only input? No.

A malicious user, however, can always post any arbitrary data regardless of how your form looks, which is why you always validate user input on the server and never rely on client-side code alone for validation.
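
One way to do the server-side check the answer calls for, as an added example that is not part of the original question or answer: the server signs the read-only value when it renders the form and rejects a POST whose value no longer matches the signature. The key `FORM_KEY`, the hidden field `regno_tag`, the function names, the digits-only format and the session ID value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: a server-side secret; load it from configuration, never send it to the browser.
const FORM_KEY = 'constructed-demo-key-change-me';

// The tag binds the value to one session, so a signed value cannot be reused by another user.
function regno_tag(string $regno, string $sessionId): string
{
    return hash_hmac('sha256', $sessionId . '|' . $regno, FORM_KEY);
}

// Emit the read-only field plus a hidden integrity tag for it.
function render_regno_fields(string $regno, string $sessionId): string
{
    $v = htmlspecialchars($regno, ENT_QUOTES, 'UTF-8');
    $t = regno_tag($regno, $sessionId);
    return "<input type=\"text\" name=\"regno\" value=\"$v\" readonly=\"readonly\" />\n"
         . "<input type=\"hidden\" name=\"regno_tag\" value=\"$t\" />";
}

// Return the register number if it is unchanged, or null if the POST data was altered.
function verified_regno(array $post, string $sessionId): ?string
{
    $regno = $post['regno'] ?? null;
    $tag   = $post['regno_tag'] ?? null;
    if (!is_string($regno) || !is_string($tag)) {
        return null; // field missing, or submitted as an array (regno[]=...)
    }
    if (!preg_match('/^\d{1,10}\z/', $regno)) {
        return null; // format check: digits only (assumed format)
    }
    // hash_equals compares in constant time.
    return hash_equals(regno_tag($regno, $sessionId), $tag) ? $regno : null;
}

// Constructed sample requests: one as rendered, one with the read-only value edited.
$sid      = 'constructed-session-id';
$honest   = ['regno' => '007', 'regno_tag' => regno_tag('007', $sid)];
$tampered = ['regno' => '008', 'regno_tag' => regno_tag('007', $sid)];

echo render_regno_fields('007', $sid), "\n";
var_dump(verified_regno($honest, $sid));
var_dump(verified_regno($tampered, $sid));
```

When the server already knows the register number (for example from the logged-in user's session), reading it from there and ignoring the posted field entirely is simpler than signing it.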
