Don’t rely on maxlength to shorten passwords
Monday, February 6th, 2006 at 6:47 pm
It is bad practice to rely on the maxlength attribute of form fields to enforce the real length of entered data. That much I knew, as playing with curl made me aware of how vulnerable forms are on the wild wild web.
However, I was a bit agog when I realised that it is possible to change the value of a field to a word longer than maxlength on MSIE and Opera.
So, don’t trust maxlength; make sure to also check the real length on the server side.
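A server-side length check of the kind recommended above, as an added example that is not code from the original post. The field names and limits are assumptions standing in for whatever maxlength values the form declares; the function validates the raw POST body as the server receives it, whether it came from a browser or from curl.

```python
from urllib.parse import parse_qs

# Assumed limits, mirroring the maxlength values the HTML form declares.
FIELD_LIMITS = {"username": 20, "password": 8}


def validate_form(raw_body: bytes, limits=FIELD_LIMITS):
    """Validate a urlencoded POST body; return (clean_fields, errors).

    Length is measured on the decoded value, so percent-encoding neither
    inflates nor hides the real number of characters. Only fields named
    in `limits` are returned; anything else in the body is ignored.
    """
    try:
        fields = parse_qs(raw_body.decode("utf-8"), keep_blank_values=True,
                          strict_parsing=True, encoding="utf-8",
                          errors="strict")
    except ValueError:  # also covers UnicodeDecodeError
        return {}, {"_body": "malformed form data"}

    clean, errors = {}, {}
    for name, limit in limits.items():
        values = fields.get(name)
        if values is None:
            errors[name] = "missing"
        elif len(values) > 1:
            # A repeated field could slip a second, unchecked value past
            # code that only looks at the first one.
            errors[name] = "submitted more than once"
        elif len(values[0]) > limit:
            errors[name] = f"longer than {limit} characters"
        else:
            clean[name] = values[0]
    return clean, errors


if __name__ == "__main__":
    # Constructed sample: a client that ignores maxlength="8".
    body = b"username=alice&password=" + b"a" * 9
    print(validate_form(body))
```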