Reputation: 352
I'm using an encryption technique on a user login form to avoid passing passwords in plain text. I store a unique challenge value in a PHP session, include that same value within an HTML form hidden field, and then I use a JavaScript-based SHA-1 script to hash the password before submitting it. (It's then compared with the same at the server side using the challenge stored in the session variable.)
I don't have any problems with the above in itself, but I thought it best to explain why I need to do this.
I'm submitting the form like this:
var password = sha1(document.forms['loginform'].password.value);
password = sha1(document.forms['loginform'].challenge.value + password);
document.forms['loginform'].challenge.value = '';
document.forms['loginform'].password.value = password;
document.forms['loginform'].style.display = 'none';
document.forms['loginform'].submit();
The problem is the 5th line there. I'd like to hide the encrypted password value from view, because if I don't, I have people saying 'that wasn't my password', 'I don't like that', and so on.
The thing is, setting display to 'none' prior to submit seems to crash Internet Explorer 9 with a message like this:
Problem Event Name: APPCRASH
Application Name: iexplore.exe
Application Version: 9.0.8112.16421
Fault Module Name: MSHTML.dll
So, I was wondering if anyone has a better way to go about doing this. I.e., is there a good or 'normal' way to hide a JavaScript updated form value before submit?
Thanks
Edit: For now I'm setting the password field text colour to match the background. It's a bit of a hack. I don't want to mark the below as the answer - I don't really agree and it's a bit like a thumbs down for my own question. (I will, rather than leave this open forever : ). It's no major problem. I'll leave it for a bit.
Upvotes: 2
Views: 898
Reputation: 2155
I have just encountered a similar issue (see here). Microsoft's IE development team has confirmed that it is a rendering issue. If this is the same thing, it seems to not be related to the form submission, but rather it occurs when setting the value of an input field and immediately hiding the field's parent when certain styles are assigned (see above link). Microsoft's suggestion was to force IE to use the IE8 rendering engine, but I discovered that wrapping the input in another element (e.g. SPAN or DIV) with no styles seems to do the trick.
Let me know if this workaround works for you.
Upvotes: 0
Reputation: 160883
Such an "encryption technique" does nothing helpful. You are still passing the passwords in plain text. Imagine someone uses a sniffer and has got the password hash (and the session cookie...); he can log in to the system easily.
If you want security, use https.
Upvotes: 1
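The login exchange described in the question, with the server-side comparison written out, as an added example that is not part of any post above. The user table, the session object and the function names are assumptions made for illustration; Node's crypto module stands in for the page's sha1() script and for the PHP session.

```javascript
// Added example (not from the original posts): challenge-response check, server side.
const crypto = require('crypto');

const sha1 = (s) => crypto.createHash('sha1').update(s, 'utf8').digest('hex');

// Constructed sample data. The server has to keep sha1(password) to recompute
// the response, so this stored value is by itself enough to log in.
const users = { alice: { pwHash: sha1('correct horse') } };

// Hypothetical session object standing in for the PHP session.
function newSession() {
  return { challenge: crypto.randomBytes(16).toString('hex') };
}

// What the form's JavaScript computes before submit (lines 1-2 of the question's code).
function clientResponse(challenge, password) {
  return sha1(challenge + sha1(password));
}

// Server side: recompute, compare in constant time, and consume the challenge
// so a captured response cannot be replayed against the same session.
function verifyLogin(session, username, response) {
  const challenge = session.challenge;
  session.challenge = null; // single use, whether the attempt succeeds or fails
  const user = users[username];
  if (!challenge || !user || typeof response !== 'string') return false;
  const expected = Buffer.from(sha1(challenge + user.pwHash), 'hex');
  const got = Buffer.from(response, 'hex');
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

function demo() {
  const session = newSession();
  const response = clientResponse(session.challenge, 'correct horse');
  const first = verifyLogin(session, 'alice', response);
  const replay = verifyLogin(session, 'alice', response); // same bytes, challenge gone
  const s2 = newSession();
  const wrong = verifyLogin(s2, 'alice', clientResponse(s2.challenge, 'guess'));
  return { first, replay, wrong };
}

console.log(demo()); // { first: true, replay: false, wrong: false }
```

The single-use challenge only stops a captured response from being replayed; the session cookie and the page that delivers the hashing script still travel unprotected unless the site uses HTTPS, as the last answer says.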