
mediocregopher | 3 years ago

There's no perfect solution, but you can make it painful. One solution I've seen, which only works in a server-side rendered site, is for the server to generate a random name for each form field being rendered. The mapping of random id to real field name is kept in the user's session information server-side, so the translation is then done server-side as well whenever the user performs an action.

At that point anyone writing a library like this would need to actually pull in the rendered page on which the user is supposed to be navigated, scrape the field names off of that (which won't be easy), and only _then_ could they perform the form action.

But if you're a big enough site, someone will likely still take the time to do it.

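A minimal sketch of the scheme the comment describes, added here as an example and not part of the original comment: the server issues random names for the form fields on each render and keeps the alias-to-real-name map in the session. The function names are hypothetical, the plain dict stands in for a server-side session store, and the single-use behaviour is an assumption of this sketch.

```python
import secrets

def render_form(session, real_fields):
    """Render a form whose input names are fresh random aliases.

    The alias -> real-name map is stored only in the server-side session.
    """
    aliases = {secrets.token_urlsafe(12): name for name in real_fields}
    session["form_aliases"] = aliases
    inputs = "\n".join(f'  <input name="{alias}">' for alias in aliases)
    return f'<form method="post">\n{inputs}\n</form>'

def translate_submission(session, posted):
    """Map a posted form back to real field names, or reject it."""
    # Single use (an assumption of this sketch): the map is consumed even when
    # the submission is rejected, so every attempt needs a freshly rendered page.
    aliases = session.pop("form_aliases", None)
    if aliases is None:
        raise ValueError("no form was rendered for this session")
    if set(posted) != set(aliases):
        raise ValueError("posted field names do not match the rendered form")
    return {aliases[alias]: value for alias, value in posted.items()}

if __name__ == "__main__":
    session = {}  # constructed stand-in for one user's server-side session
    print(render_form(session, ["username", "password"]))
    posted = {alias: f"value-for-{real}"
              for alias, real in session["form_aliases"].items()}
    print(translate_submission(session, posted))
```

A client that posts the real field names, or replays aliases from an earlier render, is rejected and has to fetch and parse a fresh page first.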