Safari auto-fill considered harmful

The buggy form auto-fill feature in Safari has put me in trouble in the past as I reported already. But here is another nasty strike that just happened while I was adding a comment on this site:


As you can see, had I not seen the pre-filled URL, I would have spammed my own weblog! It's a chance I caught it before submitting the form, as normally this information is pre-filled using a cookie. I guess that Safari decided that the URL field had to be filled with the information of the last comment-spam I had deleted before.

If you are using the auto-fill feature in Safari, you'd better double check what it decides to fill in itself!

Update: in the AutoFill Web Forms preferences, I unchecked Other Forms to prevent Safari from filling out anything but personal info and authentication forms. It didn't prevent Safari from continuing to autofill "other forms" as usual (like when I delete a comment spam on MT). I really don't like that.


My personal rule:

"Never use autofill, it is a security flaw in the various browsers".

Each time I help somebody to install or reinstall his computer and the dialog "Do you want autofill" shows up, I click "No" and I explain why.