| ▲ | grey-area 9 hours ago | |||||||
Thanks, I’ve seen scripted attacks bypass this sort of hidden input unfortunately (perhaps human assisted or perhaps just ignoring hidden fields). | ||||||||
| ▲ | jaggederest 7 hours ago | parent | next [-] | |||||||
They often do actually ignore truly hidden fields (input type=hidden) but if you put them "behind" an element with css, or extremely small but still rendered, many get caught. It's similar to the cheeky prompt injection attacks people did/do against LLMs. | ||||||||
| ||||||||
| ▲ | mads_quist 8 hours ago | parent | prev [-] | |||||||
Sure, it's really basic of course. | ||||||||