Re: ACTION-2079: Draft ¨host language should¨ language for password that they should restrict elements it can apply to, with input from minutes of 2 june 2016 meeting (Accessible Rich Internet Applications Working Group)

I don’t understand why this should be restricted to being within a form submit context. Whether I use a traditional form submit or something else shouldn’t be relevant to this discussion. As far as I’m aware there is no restriction placed on input type=password so why would we be putting a greater restriction on something with role=password?
Regards,
James


> On Jun 3, 2016, at 2:18 PM, Michael Cooper <cooper@w3.org> wrote:
> 
> Recommendation that host languages restrict where password can be used:
> 
> http://rawgit.com/w3c/aria/ACTION-2079/aria/aria.html#password <http://rawgit.com/w3c/aria/ACTION-2079/aria/aria.html#password>
> Using the password role on elements that would not accept passwords could create a security risk in conforming user agents, prompting users to enter a password in an inappropriate place where it could be accidentally exposed. Therefore, host languages SHOULD restrict use of the password role to elements that accept text input from users, and only when within a form submission context.
> 
> Michael
> 
> On 02/06/2016 1:25 PM, Accessible Rich Internet Applications Working Group Issue Tracker wrote:
>> ACTION-2079: Draft ¨host language should¨ language for password that they should restrict elements it can apply to, with input from minutes of 2 june 2016 meeting (Accessible Rich Internet Applications Working Group)
>> 
>> http://www.w3.org/WAI/ARIA/track/actions/2079 <http://www.w3.org/WAI/ARIA/track/actions/2079>
>> 
>> On: Michael Cooper
>> Due: 2016-06-09
>> 
>> If you do not want to be notified on new action items for this group, please update your settings at:
>> http://www.w3.org/WAI/ARIA/track/users/34017#settings <http://www.w3.org/WAI/ARIA/track/users/34017#settings>
>> 
>