HTML and CSS Reference
ters. The browser automatically scrolls text inside the input box to ex-
pose the extra characters.
The last text-input control is XHTML, too. It tells the browser to display a
text box three characters wide, into which the user can type up to three
characters. Its initial value is set to 100.
Notice that in the second and fourth examples it is implied that the user
will enter certain kinds of dataa postal code or a numeric rate, respect-
ively. Except for limiting how many , neither HTML nor XHTML provide a
way for you to dictate what characters may be typed into a text-input
field. For instance, in the last example field, the user may type "ABC,"
even though you intend the field's value to be a number less than 1,000.
Your server-side application or applet must trap erroneous or mistaken
input, check for incomplete forms, and send the appropriate error mes-
sage to the user when things aren't right. That can be a tedious pro-
cess, so we emphasize again: provide clear and precise instructions and
prompts. Make sure your forms tell users what kinds of input you expect
from them, thereby reducing the number of mistakes they may make
when filling them out.
126.96.36.199. Masked text controls
Like the Lone Ranger and Zorro, the mask is on the good guys in a
masked text field. It behaves just like a conventional text control in
a form, except that the user-typed characters don't appear onscreen.
Rather, the browser obscures the characters in masked text to keep
such things as passwords and other sensitive codes away from prying
To create a masked text control, set the value of the type attribute
to password . All other attributes and semantics of the conventional text
control apply to the masked one. Hence, you must provide a name, and
you may specify a size and maxlength for the field, as well as an initial
value (we recommend it).
Don't be misled: a masked text control is not all that secure. The typed-
in value is only obscured onscreen; the browser transmits it unencryp-