[Zope] IE caching form field values

Oliver Bleutgen myzope@gmx.net
Mon, 23 Sep 2002 16:24:13 +0200


Michael Fox wrote:
> Hi *,
> 
>>From what I understand, having the following DTML and/or HTML tags *should* disable IE from caching previously entered values  in form fields...
> 
> <dtml-call "RESPONSE.setHeader('Expires', '-1')">
> <dtml-call "RESPONSE.setHeader('Pragma', 'no-cache')">
> <dtml-call "RESPONSE.setHeader('Cache-Control', 'no-cache')">
> 
> <HTML>
> <HEAD>
> <TITLE></TITLE>
> <META HTTP-EQUIV="Expires" CONTENT="-1">
> <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
> <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
> </HEAD>
> 
> Yet somehow IE remembers these values, and if I begin to enter say "3" IE will remembered the previous entered values 3, 33, 311 etc. and display a nice little IE drop-down-like-box below a standard HTML text input form field with these values.
> 
> Is there any way to disable this?
> 

I'm quite sure that this is not something which could be prevented by a 
trick from the normal http/html standards toolbox - because, AFAIK, 
remembering form entries is not decribed in any standard.

But maybe you could fool internet-explorer. Maybe alter the names of the 
form fields, e.g. <input type="text" name="textfield_3232">
where everything after the underscore is a random value.
Sadly, this would make getting to the form values a little bit more 
complicated.
Maybe altering the name attribut of the submit form or introducing a 
randomly named hidden input type would do it.
Or calling the form with a randomly choosen attribute:
<a href="your/form/URL?param=f09j3209ruwijf">

What I want to get at is that the only way I see to prevent this 
behavior of IE is to confuse it about the "identity" of the form, so 
that it isn't able to show previously entered values.
I assume google can tell you how IE identifies the forms.

HTH,
oliver