This afternoon I was on the phone with a customer of ours talking about various ways of testing applications. One interesting thing they said was that they didn’t have to worry as much about incorrect input coming from the web portion, since all of the results are in select drop downs, and so can’t be changed.
Ladies and gentleman, this can’t be further from the truth. Not only is it possible, it is dead easy. How so? Let’s start with a simple HTML form that has a select drop down:
This spits out a page that looks like:
On IE this will bring up:
And on Firefox:
What you’ll see is this:
What we’ve done is set the value of the first option of our select list – what will be sent to the server – to “GA”. Now, clicking view source won’t make this obvious, as we are changing the in-memory representation. But to make it more obvious, enter the following:
What does your page look like now?