undefined | Better HN

0 pointsjazoom9y ago0 comments

But then the browser won't autofill it, so what's the problem?

0 comments

It will if the attacker uses the same custom name for his field. The attacker could try to suck as much data as possible by creating thousands of hidden fields having a lot of possible combinations for the names of these non-standard CC fields, and wait to get lucky.

j / k navigate · click thread line to collapse

0 pointsjazoom9y ago0 comments

But then the browser won't autofill it, so what's the problem?

0 comments

sharkoz9y ago

It will if the attacker uses the same custom name for his field. The attacker could try to suck as much data as possible by creating thousands of hidden fields having a lot of possible combinations for the names of these non-standard CC fields, and wait to get lucky.

j / k navigate · click thread line to collapse