SERIOUS BUG: Skipped fields quietly filled with cookies values

  • Profile Image
    antoniooi
    Asked on May 20, 2012 at 08:45 AM

    Hi Guys,

    Based on the recent submissions from some of my users, I discovered that some of the conditional skipped fields were being filled with previous submitted values grabbed from browser cookies. In addition, such fields are not those fields that contain default values, e.g. text boxes. Therefore, the chances are even higher that most probably JotForm had either auto-filled such values from browser cookies or the browser auto-fill feature was not being prevented properly. It is said that it wasn't being prevented properly because the browser auto-fill feature was breaking the conditional rules set by the users of which the expected result has no longer met.

    If you refer to my attached screenshot, you'll realize that this could lead to serious dispute between the users and the providers as the information submitted may cause contradiction and confusion.

    However, do let me know if I had made a wrong judgement and feel free to enlighten me if there could be other possibility that may be causing this to happen.

    Thank you.

    Antonio

  • Profile Image
    antoniooi
    Answered on May 20, 2012 at 08:47 AM

    P/S: How come those CSS codes can appear in the forum posts and cannot be removed even several times of edit??????

  • Profile Image
    gori-mathew
    Answered on May 20, 2012 at 09:11 AM

    Hi,

    We apologize for the inconveniences  caused. Unfortunately, i wasn't able to reproduce the problem you highlighted above using both IE8 and FF Browsers. I have made submission of your form and below is captured data;

    Submission Date
    2012-05-20 21:03:36
    URL of an existing Public Program to be edited:
    www.11111111111111111.com/11111111
    Is this a temporarily published Public Program?
    No, it is also my permanent In-house Program.
    Training Category:
    (Don't change anything.)
    Course Introduction/Overview:
    (Don't change anything.)
    Course Objectives:
    (Don't change anything.)
    Program Start Date:
    11-11-111 11:11 AM
    Program End Date:
    11-11-111 11:11 AM
    Venue:
    11111111
    Fee Per Person (RM):
    11111111111
    Early Registration Discount:
    (Don't change anything)
    Early Registration Discount Closing Date:
    --
    Group Registration Discount from a same orgniazation:
    (Don't change anything)
    Early Payment Discount:
    No discount.
    Early Payment Discount Closing Date:
    --
    Other Terms & Conditions that specific to this particular training schedule only:
    11111111111

    Can you try making all fields that you need 'required', this ensures that users don't leave any needed field unfilled. Try also to clear the browsers cache, logout and relogin to your account and try making submission, this is to ensure that it isn't browser related.

    Lets know if this helps.

     

     

  • Profile Image
    antoniooi
    Answered on May 20, 2012 at 11:00 AM

    Hi,

    As I said, it may subject to user's auto-fill configuration, which is out of our control. Therefore, it's also pretty hard to reproduce it by having different browser auto-fill configurtion combinations.

    As this is an EDIT form, I have to make all fields OPTIONAL unless it is a new submission as shown below:

    http://form.jotform.me/form/20924420525446

    In addition, you may not be able to have the form auto-filled by cookies as you never submitted any form with the skipped fields filled. Naturally, your cookies do not have such values existed for that particular form fields.

    I hope you get what I mean.

    Antonio

  • Profile Image
    jonathan
    Answered on May 21, 2012 at 08:52 AM

    Hello Antonio,

    If I understand auto-fill behaviour correctly for browsers, an input field should be 'in-focus', then you either click-hold the mouse or type something(letter) while focus on that field before the 'auto-fill' drop down values became visible (that is if there is a relevant query base on the words/phrase cache on the browser).

    I cannot seem to see yet how it can be 'quietly filled' by auto-fill process with-out the required actions I mentioned.

    Please correct me if I am wrong with my understanding of your question.

    Thanks.

  • Profile Image
    antoniooi
    Answered on May 21, 2012 at 09:11 AM

    Initially, I also thought of that before and when the form page has been entirely skipped, there is no way for such auto-fill behavior that requires human intervention to take place on those skipped fields on that skipped page. But correct me if I'm wrong: Even though the form page is hidden, the HTML input fields are still physically there, am I right? If yes, then think of those login form where username is usually auto-filled without even a single click on its textbox -- isn't this possible? Isn't this username field being pre-populated from the cookies? Notice that some websites only allow the username to be auto-filled but some not for security reason -- so how did they prevent the browser from auto-filling the username and even the password field even though the user has instructed the browser to remember the login credentials?

    I know this issue is a bit tricky for the programmers to track and troubleshoot. If you find it too time consuming to be rectified, you can put it as lower priority first. When I encounter another instance of this case, I will update you again just to make sure the problem had been consistently happened.

    Thank you.

    .adslot-overlay {position: absolute; font-family: arial, sans-serif; background-color: rgba(0,0,0,0.65); border: 2px solid rgba(0,0,0,0.65); color: white !important; margin: 0; z-index: 2147483647; text-decoration: none; box-sizing: border-box; text-align: left;}.adslot-overlay-iframed {top: 0; left: 0; right: 0; bottom: 0;}.slotname {position: absolute; top: 0; left: 0; right: 0; font-size: 13px; font-weight: bold; padding: 3px 0 3px 6px; vertical-align: middle; background-color: rgba(0,0,0,0.45); text-overflow: ellipsis; white-space: nowrap; overflow: hidden;}.slotname span {text-align: left; text-decoration: none; text-transform: capitalize;}.revenue {position: absolute; bottom: 0; left: 0; right: 0; font-size: 11px; padding: 3px 0 3px 6px; vertial-align: middle; text-align: left; background-color: rgba(0,0,0,0.45); font-weight: bold; text-overflow: ellipsis; overflow: hidden; white-space: nowrap;}.revenue .name {color: #ccc;}.revenue .horizontal .metric {display: inline-block; padding-right: 1.5em;}.revenue .horizontal .name {padding-right: 0.5em;}.revenue .vertical .metric {display: block; line-height: 1.5em; margin-bottom: 0.5em;}.revenue .vertical .name, .revenue .vertical .value {display: block;}.revenue .square .metric, .revenue .button .metric {display: table-row;}.revenue .square .metric {line-height: 1.5em;}.revenue .square .name, .revenue .square .value, .revenue .button .value {display: table-cell;}.revenue .square .name {padding-right: 1.5em;}.revenue .button .name {display: block; margin-right: 0.5em; width: 1em; overflow: hidden; text-overflow: clip;}.revenue .button .name:first-letter {margin-right: 1.5em;}a.adslot-overlay:hover {border: 2px solid rgba(58,106,173,0.9);}a.adslot-overlay:hover .slotname {border-bottom: 1px solid rgba(81,132,210,0.9); background-color: rgba(58,106,173,0.9);}a.adslot-overlay:hover .revenue {border-top: 1px solid rgba(81,132,210,0.9); background-color: rgba(58,106,173,0.9);}div.adslot-overlay:hover {cursor: not-allowed; border: 2px solid rgba(64,64,64,0.9);}div.adslot-overlay:hover .slotname {border-bottom: 1px solid rgba(128,128,128,0.9); background-color: rgba(64,64,64,0.9);}div.adslot-overlay:hover .revenue {border-top: 1px solid rgba(128,128,128,0.9); background-color: rgba(64,64,64,0.9);}
  • Profile Image
    jonathan
    Answered on May 21, 2012 at 05:28 PM

    Hi Antonio,

    I will also conduct furher check on this scenario.

    If I can reproduce it first with enough information, I will forward it to our Next Level support.

    Thank you for your support and inputs. =)