I don't see how Allow being the default can be a security issue. The
user is specifically sent to that page for the purpose of granting
access. Only a minuscule number of users will need to click the Deny

But, I think you're right that the real issue is that the Deny button
is the first submit button, and that is why Roboform activates it.
Anyhow, if it can be changed that Roboform will activate Allow, then
it will be all sweets and candy.

On Feb 9, 7:09 pm, "@epc" <epcoste...@gmail.com> wrote:
> Making "Allow" a default on a security authorization page seems to be
> asking for trouble later.  At present the "Deny" button is of type
> "submit".  They can't use "reset" as that won't send anything back to
> twitter (unless you add some sort of event via Jquery).  "Deny"
> doesn’t appear to be the default, it’s just the first "submit" button
> in the form.

Reply via email to