Ian Hickson wrote:
...
On Wed, 26 Nov 2008, Julian Reschke wrote:
Do you have a concrete example where the login form is complex in a
manner where the fields can't be identified and there is reason to
believe that a bot will want to authenticate but won't have been given
enough information to do so?
Well, it was you stating that the form could be arbitrarily complex.
It can, yes. HTML allows arbitrarily complex forms, and we don't want to
limit login forms to just two fields and a button. (I regularly log in to
systems where the login forms are two text fields and a checkbox, or two
text fields and a drop down, or five or so text fields. But in none of
these cases would I personally expect a bot to ever have my credentials.)
...
Yes. So wouldn't it make sense to address the common use case so that it
doesn't require the "bot" (the non-HTML UA) to parse the response body?
BR, Julian
