[Webkit-unassigned] [Bug 11420] New: Can not change the action, then submit, the form currently being submitted

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 26 07:11:16 PDT 2006 

http://bugs.webkit.org/show_bug.cgi?id=11420

           Summary: Can not change the action, then submit, the form
                    currently being submitted
           Product: WebKit
           Version: 420+ (nightly)
          Platform: Macintosh PowerPC
               URL: https://www.ebank.hsbc.com.au
        OS/Version: Mac OS X 10.4
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at opendarwin.org
        ReportedBy: james.w.mitchell at gmail.com


In other words, assume there exists a form with ID form1. Submitting form1
executes a script which changes the action of form1 (form1.action), then
submits the form (form1.submit). I suppose one could look at is as
resubmitting/redirecting the form?

The browsers I have tested that do allow the action to be changed are IE 6
(Windows) and FireFox 2.0 (Mac). The browsers that do not allow this are Safari
420+ nightly (Mac) and Opera 9.02 (Mac)

Steps to Replicate:
On the affected page, enter a garbage value into Personal Banking Number (PBN),
press enter/return key and enter another garbage value into Personal
Identification Number (PIN), finally pressing the enter/return key to submit
the form. At this point, the browser was intended to submit the form to another
page, and this can be confirmed by clicking on the Logon button/link. Note,
both input fields are disabled after the form was meant to be submitted to
another page, as is the Logon button to prevent multple form submission.

A simple test can be drawn up as follows.
...
<script type="text/javascript">
// change the form.action and resubmit
function doStuff() { document.form1.action = "http://404/";
document.form1.submit(); }
</script>
...
<form name="form1" action="doStuff();".../>
...


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list