RESOLVED WORKSFORME 84284
Hidden input field values cached 
https://bugs.webkit.org/show_bug.cgi?id=84284
Summary Hidden input field values cached
michael.brailsford
Reported 2012-04-18 14:52:52 PDT
Created attachment 137774 [details] simple html files to recreate the issue Attached is a very simple pair of html files that demonstrate this issue. page_a.html has a simple form with an input field with a given value. page_a.html has a body onLoad event handler that submits the form which takes the user to page_b.html. page_b.html also has a form with an input field with a different value that page_a.html. Inspect the page while viewing page_b and the form value will not be the value from page_b, but it will be the value from page_a. View the source, or refresh page_b.html and the correct page_b values are displayed. If the automatic form submission from the onLoad is removed and a submit button is added to page_a.html, then page_b.html shows the correct values for the form element, and inspect and view source match. If the automatic form submission is removed, and a button added to the form that submits the form on page_a with the same javascript as the onLoad event handler, then the values on page_b.html are those contained in the source file, and inspect and view source match.
Attachments
simple html files to recreate the issue (535 bytes, application/zip)
2012-04-18 14:52 PDT, michael.brailsford 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
michael.brailsford
Comment 1 2012-04-18 15:27:13 PDT
I should also add that changing the form input types to text and wrapping them in '<div style="display:none">' tags will also cause the form value to have the expected values, ie. the values served by the web server.
Kent Tamura
Comment 2 2012-04-19 13:54:54 PDT
This bug is very similar as Bug 79206. @michael.brailsford, would you tell us what browser version did you test with?
michael.brailsford
Comment 3 2012-04-20 06:19:05 PDT
Safari 5.1.5 (7534.55.3)
michael.brailsford
Comment 4 2012-04-20 07:20:42 PDT
An additional way to circumvent the issues is to change the body onLoad to 'setTimeout("document.test.submit()", 0)'. So it doesn't appear to be an issue strictly with automated form submission from the body onLoad.
michael.brailsford
Comment 5 2012-04-20 07:45:16 PDT
I was unable to reproduce the issue in Chrome 18.0.1.1025.162. UserAgent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1.1025.162 Safari/535.19"
michael.brailsford
Comment 6 2012-04-25 12:51:47 PDT
Tested on nightly build [1] and problem still exists. [1] r115198.zip">http://builds.nightly.webkit.org/files/trunk/win/WebKit-SVN-r115198.zip
Jon Lee
Comment 7 2012-04-25 15:19:32 PDT
Using your test pages, I cannot reproduce the problem using the WebKit nightly on Mac. Are you seeing this on Windows only?
michael.brailsford
Comment 8 2012-05-03 07:19:10 PDT
Using the nightly from May 03 [1], I cannot recreate the issue on windows. [1] r115963.zip">http://builds.nightly.webkit.org/files/trunk/win/WebKit-SVN-r115963.zip
michael.brailsford
Comment 9 2012-05-10 10:00:44 PDT
The Safari 5.1.7 update last night resolves the issue with form submission values being cached. From the release page, the description below seems to fit the symptoms of the issue causing this problem, and it has apparently been resolved: WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.4, OS X Lion Server v10.7.4, Windows 7, Vista, XP SP2 or later Impact: A maliciously crafted website may be able to populate form inputs on another website with arbitrary values Description: A state tracking issue existed in WebKit's handling of forms.
Note You need to log in before you can comment on or make changes to this bug.