Fang Talks

Löve the D

Toying with the system for usability gains.

There’s this thing about forms on the web. Until you hit the submit or send button, everything happens locally on your machine. Yes, you got handed the page by the website’s server, and it may include static and/or dynamic limitations, but those don’t really mean anything. They’re merely guidelines. It all takes place on your machine, so with the right know-how (which really isn’t that complicated) you get to pick and choose which rules you want to obey, and which ones you ignore.

Say you’re making an account on the latest in authentic, home-grown social media. Of course short usernames are going to be really sweet, but the account creation restricts you to a minimum of five characters; the submit button is greyed out until you enter a “valid” name. Good thing you can help it! Just throw any and all JavaScript off that page, and manually enable that submit button. Click it, and poof!

Of course, if the developers were even half competent they’d also be checking username length on the server side, properly validating your data before applying it. But if they didn’t, you just got lucky, you’re going to be one of the rare few with an “impossibly” short username! That is, until the rest catches on.

I changed a potentially abusable setting like this. Should probably check if I can push limits with it.
~ Fang

Post a comment

Your email will stay hidden, required field are marked with a *.

Experimental anti-spam. You only have to do this once. (Hint: it's "Fang")