[whatwg] Solving the login/logout problem in HTML
Julian Reschke
julian.reschke at gmx.de
Wed Nov 26 03:19:19 PST 2008
Ian Hickson wrote:
> ...
> On Wed, 26 Nov 2008, Julian Reschke wrote:
>>> Do you have a concrete example where the login form is complex in a
>>> manner where the fields can't be identified and there is reason to
>>> believe that a bot will want to authenticate but won't have been given
>>> enough information to do so?
>> Well, it was you stating that the form could be arbitrarily complex.
>
> It can, yes. HTML allows arbitrarily complex forms, and we don't want to
> limit login forms to just two fields and a button. (I regularly log in to
> systems where the login forms are two text fields and a checkbox, or two
> text fields and a drop down, or five or so text fields. But in none of
> these cases would I personally expect a bot to ever have my credentials.)
> ...
Yes. So wouldn't it make sense to address the common use case so that it
doesn't require the "bot" (the non-HTML UA) to parse the response body?
BR, Julian
More information about the whatwg
mailing list