You are wrong, #13. You don't understand HTML.
Re: Re: Yes, it's true. I have saved the HTML and your money will go to Maharaji's message -- 13
Posted by:
Mahatma Babaluji ®

09/02/2005, 03:02:08

Yeah, I do this stuff for a living too.

You're wrong.

You don't even know that in order to make the HTML presentable on this forum that you need to escape the GREATER THAN and LESS THAN symbols and using the ampersands doesn't work on this webpage.

Do you have the slightest clue that this is what controls everything and not the JavaScript which is client side only and in this case is used for validation and presentation only and hopefully there is additional validation on the server side because you NEVER EVER rely on Client Side validation?  Did you know that?

And here's the story if you can follow along #13:

form name="checkout" action="https://secure.tprf.org/cgi-bin/verisign/giving.cgi....

The gist of HTML is in the Form and the form action, right?

So, the form that is being presented to the user via the browser is being sent back to the server but before it gets sent back it gets validated with the JavaScript method named Validate() that gets called via the form onSubmit(), right?

But, if you take the time to read the Validate() code you'll see it doesn't touch the form var named 'contribution' that is a radio button on the form that we're talking about here.

What is a form var?

The form vars get posted, because this is a post type form, back to the server for processing.  And back at the server there's a Response and a Request object, right?

And the form var, 'contribution' has only two different values - 'M' or 'H'.  Right?  Look at the HTML and show me where 'contribution' can have any other value than the two 'M' or 'H'.  Yet, as a radio button there are three (3) selections presented to the user in the browser.

And 'H' does not stand for Hurricane as one would think.  And the value of 'M' is used twice in the radio button for 'Maharaji's Message' and for '...relief for victims of Hurricane Katrina'.  It's not a very good radio button since radio buttons usually have mutually exclusive values, but not always as this example shows us.

Ok, #13, let's look at the top of the Form part together, shall we?

.lt.form name="checkout" action="https://secure.tprf.org/cgi-bin/verisign/giving.cgi" method="POST"  onSubmit="return Validate('checkout')";.gt.
.lt.input type="hidden" name="emailcustomer" value="TRUE".gt.
.lt.input type="hidden" name="POnum" value="Giving".gt.
.lt.input type="hidden" name="description" value="Donation".gt.
.lt.table border="0" cellspacing="2" width="100%" cellpadding="2".gt.
.lt.tr valign="top" bgcolor="#CCCCCC".gt.
.lt.td align="right".gt..lt.span class="style2".gt.Allocate my contribution.lt./span.gt..lt./td.gt.
.lt.td colspan="2".gt..lt.p class="style2".gt.

(HERE IS THE MEAT again .lt. is less than and .gt. is greater than)

.lt.input name="contribution" type="radio" value="m" onclick="setComment('checkout')";.gt.to help promote Maharaji's message .lt.br.gt.
.lt.input name="contribution" type="radio" value="m" onClick="setComment('checkout')";.gt.to  relief for victims of Hurricane Katrina .lt.br.gt.
.lt.input name="contribution" type="radio" value="h" onclick="setComment('checkout')".gt.
..............snipped for brevity.................

The JavaScript onclick() event for the 'contribution' form var or radio button (I'll let you examine the code) only populates the textarea that I believe is used for display purposes only, you know, what the user sees and that is form var 'comment'.

Now, I'll grant you that since 'comment' is a form var maybe they are parsing it at the server side, but who would do that? Most programmers would use the form var 'contribution' with simple values like 'M' or 'H', right?  Isn't that easier than parsing a textarea that the user could have altered?  I know what I'd be using - 'contribution', not 'comment'.

Seriously, which would you use at the server: a radio button with discrete values or a textarea with who knows what?

That question is the CRUX.

Real programmers would always use the radio button.

Tell me this: Couldn't I select 'M' or 'H' and afterwards there's nothing to stop me from entering 'Maharaji sucks' in the 'comment' form var.  Seriously, why would the programmers bother to use a textarea to categorize the type of contribution when they've already provided a radio button?  What kind of programmer would do that?  Why parse some textarea when you have a radio button?  Makes absolutely no sense.  I suggest that the textarea is for display purposes only.

The form var 'contribution' gets sent back to the server for processing ($$$$$$).  And if you took the time to look at the form's Validate() method you would have seen that it never alters the value of form var 'contribution'.  And the method setComment() never altered the value of the form var 'contribution' either, did it?

P.S. I'm hoping this was a mistake and not a deliberate effort to deceive.  I guess the proof will be if they change the page, right?  Well, maybe not.  Maybe they will actually parse the 'comment' form var.  But, that's a crazy-ass way of programming.






Modified by Mahatma Babaluji at Fri, Sep 02, 2005, 03:18:25
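
An added example, not part of the original post or of the site's code: a Python check that finds radio options sharing one submitted value, as the quoted `contribution` group does, and a server-side allowlist re-validation of the POST body. `SAMPLE_FORM`, `RadioAudit`, `ambiguous_values`, `ALLOWED` and `server_side_check` are hypothetical names, and the sample markup is constructed from the lines quoted above.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Constructed sample modelled on the radio group quoted in the post (real angle
# brackets; the third label is snipped in the post, so a placeholder stands in).
SAMPLE_FORM = """
<input name="contribution" type="radio" value="m">to help promote Maharaji's message <br>
<input name="contribution" type="radio" value="m">to relief for victims of Hurricane Katrina <br>
<input name="contribution" type="radio" value="h">(label snipped in the post) <br>
<textarea name="comment"></textarea>
"""

class RadioAudit(HTMLParser):
    """Record which visible labels map to each submitted radio value."""
    def __init__(self):
        super().__init__()
        self.groups = defaultdict(lambda: defaultdict(list))
        self._pending = None  # (name, value) of a radio still waiting for its label

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "radio":
            self._pending = (a.get("name"), a.get("value"))
        else:
            self._pending = None

    def handle_data(self, data):
        if self._pending and data.strip():
            name, value = self._pending
            self.groups[name][value].append(data.strip())
            self._pending = None

def ambiguous_values(html):
    """Return {group: {value: [labels]}} for values shared by several options."""
    parser = RadioAudit()
    parser.feed(html)
    parser.close()
    shared = {g: {v: labels for v, labels in vals.items() if len(labels) > 1}
              for g, vals in parser.groups.items()}
    return {g: dup for g, dup in shared.items() if dup}

ALLOWED = {"m", "h"}  # the only values the quoted radio group can submit

def server_side_check(raw_body):
    """Server-side re-validation: exactly one 'contribution', from the allowlist."""
    values = parse_qs(raw_body, keep_blank_values=True).get("contribution", [])
    return len(values) == 1 and values[0] in ALLOWED
```

The browser submits only the `value` attribute, so when two labels share a value the server receives identical bytes for both choices unless it also reads another field such as `comment`.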
