[whatwg] Solving the login/logout problem in HTML

Julian Reschke julian.reschke at gmx.de
Wed Nov 26 03:19:19 PST 2008


Ian Hickson wrote:
> ...
> On Wed, 26 Nov 2008, Julian Reschke wrote:
>>> Do you have a concrete example where the login form is complex in a 
>>> manner where the fields can't be identified and there is reason to 
>>> believe that a bot will want to authenticate but won't have been given 
>>> enough information to do so?
>> Well, it was you stating that the form could be arbitrarily complex.
> 
> It can, yes. HTML allows arbitrarily complex forms, and we don't want to 
> limit login forms to just two fields and a button. (I regularly log in to 
> systems where the login forms are two text fields and a checkbox, or two 
> text fields and a drop down, or five or so text fields. But in none of 
> these cases would I personally expect a bot to ever have my credentials.)
> ...

Yes. So wouldn't it make sense to address the common use case so that it 
doesn't require the "bot" (the non-HTML UA) to parse the response body?

BR, Julian



More information about the whatwg mailing list