Don't count on form field's maxlength property

I’ve talked about this before, but don’t count on maxlength in your form fields. Why? Because it is trivial to turn them off using Firefox’s Web Developer toolbar extension. I was looking at a ColdFusion based shopping cart solution today, and noticed that when I did this to their cart display, I was able to enter a huge number for the line item. What was my final line item price?

499, 900, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000.00

I hope that comes with free shipping. I’m not revealing the name of the product as I’ve emailed them to inform them of the bug and I’m sure I’ve made the same mistake myself as well. Of course, if I don’t hear back maybe I will anyway. ;)

Raymond Camden's Picture

About Raymond Camden

Raymond is a developer advocate looking for his next gig. He focuses on JavaScript, serverless and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support.

Lafayette, LA https://www.raymondcamden.com

Comments