
Document Subject: Hacking Lotus Notes Domino Forms using Javascript
Hint Short Cut: Add this to your code & documentation to help you find this page.
http://#JavascriptHacking or http://A555F9/nn.nsf/ByAlias/JavascriptHacking

JavaScript can, in theory, be used to hack a form. These are points to bear in mind when ticking the form property "Generate HTML for all fields", or when using type=hidden in the HTML or other properties of a field.




Open a web page, type javascript:window.parent.close(); into the Address area and press Return.

The window will close. Scary.

 

Try this:

javascript:alert(document.cookie)

Displays the cookie information for a page, so you can see what a site is actually storing about you and your behaviour.

javascript:void(document.cookie="MessUpTheCookie")  changes the cookie.

Now if your site was using cookies to do security or credit cards, you are in BIG trouble, my friend. Spend a few minutes checking this out with your developers; it could save you a lot of cash.

 

Form fields:

javascript:alert(document.forms[0]) can return [object]. If so then try:

javascript:alert(document.forms[0].DocTitle.value); alert(document.forms[0].Abstract.value);

displays the values of the fields DocTitle and Abstract. Scaryish, especially if it was a field like Readers or Authors...

What does:

javascript:document.forms[0].DocTitle.value=' http://www.AdFos.com';     do?

What about:

javascript:document.forms[0].DocTitle.value=' http://www.AdFos.com'; return false;    do?

What about in an older browser?

 

Submit and action type:

Would javascript:void(document.forms[0].action="GET") do damage?

javascript:void(document.forms[0].submit()) will save a web form even if you have hidden the Save button!
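An added example, not part of the original page: a server-side check that treats every submitted field as untrusted, so values altered or submitted from the address bar as shown above are ignored or flagged. The function applySubmission, the user object and the sample values are hypothetical; only the field names DocTitle, Abstract, Readers and Authors come from this page.

```javascript
// Added example: server-side handling of a submitted form. Every value in
// the request is untrusted, whatever the page's visible controls allowed.

// Fields a web user may change; anything else in the POST is ignored.
const EDITABLE = new Set(['DocTitle', 'Abstract']);
// Access-control fields: a submitted value that differs is flagged, never saved.
const PROTECTED = new Set(['Readers', 'Authors']);

// stored: values held by the server; submitted: parsed request body;
// user: { name, canEdit }, resolved server-side from the session (assumed shape).
function applySubmission(stored, submitted, user) {
  // Hiding the Save button is not access control: check rights on every POST.
  if (!user.canEdit) {
    return { saved: false, doc: stored, alerts: [`${user.name}: submit without edit rights`] };
  }
  const doc = { ...stored };
  const alerts = [];
  for (const [field, value] of Object.entries(submitted)) {
    if (EDITABLE.has(field)) {
      doc[field] = String(value).trim();
    } else if (PROTECTED.has(field) && String(value) !== String(stored[field])) {
      alerts.push(`${user.name}: attempted change to ${field}`);
    }
    // Fields on neither list are dropped.
  }
  return { saved: true, doc, alerts };
}

// Constructed sample data: a stored document and a tampered submission.
const SAMPLE_STORED = {
  DocTitle: 'Original title', Abstract: 'Summary',
  Readers: '[Admin]', Authors: 'CN=Alice/O=Example',
};
const SAMPLE_POST = {
  DocTitle: ' http://www.AdFos.com', Readers: '*',
  Authors: 'CN=Alice/O=Example', Injected: 'x',
};

console.log(applySubmission(SAMPLE_STORED, SAMPLE_POST, { name: 'alice', canEdit: true }));
console.log(applySubmission(SAMPLE_STORED, SAMPLE_POST, { name: 'guest', canEdit: false }));
```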

 

What about with LiveLink and CORBA?

This could basically give a user access to your server databases and views...

 

If I find any other problems with this I will add to this document.