Stupid Audit Tricks


Problem description


Just wanted to rant about people who think it's a good idea
to restrict user input.

I just copied and pasted my 8 character Confirmation Code
into a commercial web site and clicked "Go".

It whined that the Confirmation Code was invalid.

Comparing the value I had copied from to the field I had
pasted into, I saw that it had truncated the last character.

The Copy operation had included a leading space, and since
the field only allowed 8 characters, it kept the space and
dropped the last character of the Code.

That's bad user interface design.

The field should have accepted my input blindly and then
stripped whitespace and audited the remaining value.
--

Recommended answer

On Mon, 27 Aug 2007 10:09:25 -0700, Lee wrote:

> Just wanted to rant about people who think it's a good idea
> to restrict user input.
>
> I just copied and pasted my 8 character Confirmation Code
> into a commercial web site and clicked "Go".
>
> It whined that the Confirmation Code was invalid.
>
> Comparing the value I had copied from to the field I had
> pasted into, I saw that it had truncated the last character.
>
> The Copy operation had included a leading space, and since
> the field only allowed 8 characters, it kept the space and
> dropped the last character of the Code.
>
> That's bad user interface design.
>
> The field should have accepted my input blindly and then
> stripped whitespace and audited the remaining value.




Actually that's a bad cut and paste operation on your part... things that
are different aren't the same.

--
I told you this was going to happen.


Lee wrote:

> The field should have accepted my input blindly and then
> stripped whitespace and audited the remaining value.



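I agree totally. Humans (in my comprehensive survey, i.e. me) are
always adding leading and trailing spaces. You are right that
white*space* must be stripped; about 10% of the time the trailing
character is a tab.

--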

Steve Swift
http://www.swiftys.org.uk/swifty.html
http://www.ringers.org.uk


Ivan Marsh said:

> On Mon, 27 Aug 2007 10:09:25 -0700, Lee wrote:
>
>> Just wanted to rant about people who think it's a good idea
>> to restrict user input.
>>
>> I just copied and pasted my 8 character Confirmation Code
>> into a commercial web site and clicked "Go".
>>
>> It whined that the Confirmation Code was invalid.
>>
>> Comparing the value I had copied from to the field I had
>> pasted into, I saw that it had truncated the last character.
>>
>> The Copy operation had included a leading space, and since
>> the field only allowed 8 characters, it kept the space and
>> dropped the last character of the Code.
>>
>> That's bad user interface design.
>>
>> The field should have accepted my input blindly and then
>> stripped whitespace and audited the remaining value.
>
> Actually that's a bad cut and paste operation on your part... things that
> are different aren't the same.




Of course it was, but bad cut and paste operations that
include extra spaces are invisible to the user. The web
page can easily detect them, and should. Instead, it
leaves the user trying to add the 8th character, and having
the field block it, for no obvious reason.

That's bad user interface design.
--
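
The behaviour the thread argues for, next to the truncate-first behaviour Lee ran into, as an added example that is not part of the original posts. The sample code `K7P2X9QM`, the alphanumeric alphabet, the 64-character raw limit and the function names are assumptions made for illustration.

```javascript
// Added example: constructed values and hypothetical function names.
const CODE_LENGTH = 8;               // length stated in the thread
const ALLOWED = /^[A-Za-z0-9]+$/;    // assumed alphabet; the thread gives none
const MAX_RAW = 64;                  // assumed bound on the raw paste
// \s covers space, tab, newline and NBSP; zero-width space is added explicitly.
const EDGE_WS = /^[\s\u200B]+|[\s\u200B]+$/g;

// What the site in the thread effectively did: the field cut the paste
// to 8 characters first, and the check ran on whatever was left.
function truncateThenValidate(pasted) {
  const kept = pasted.slice(0, CODE_LENGTH);
  return { value: kept, ok: kept.length === CODE_LENGTH && ALLOWED.test(kept) };
}

// What the thread asks for: take the raw paste, strip edge whitespace,
// then audit the remaining value and say why it failed.
function normalizeThenValidate(pasted) {
  if (typeof pasted !== "string") {
    return { value: "", ok: false, reason: "not a string" };
  }
  if (pasted.length > MAX_RAW) {
    return { value: "", ok: false, reason: "input too long" };
  }
  const value = pasted.replace(EDGE_WS, "");
  if (value.length !== CODE_LENGTH) {
    return { value, ok: false,
             reason: `expected ${CODE_LENGTH} characters, got ${value.length}` };
  }
  if (!ALLOWED.test(value)) {
    return { value, ok: false, reason: "unexpected character" };
  }
  return { value, ok: true, reason: null };
}

// Constructed pastes: leading space (Lee's case), trailing tab (Steve
// Swift's case), a code that really is one character short, interior space.
for (const paste of [" K7P2X9QM", "K7P2X9QM\t", "K7P2X9Q", "K7P2 9QM"]) {
  console.log(JSON.stringify(paste),
              truncateThenValidate(paste).ok,
              normalizeThenValidate(paste));
}
```

The same normalise-then-validate step belongs on the server as well, because a length limit on the input field constrains only what a browser will send.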

