- From: Adrian Bateman <adrianba@microsoft.com>
- Date: Fri, 3 Jan 2014 23:07:42 +0000
- To: Jonas Sicking <jonas@sicking.cc>, Joel Weinberger <jww@chromium.org>
- CC: Webapps WG <public-webapps@w3.org>
On Thursday, December 12, 2013 1:57 PM, Jonas Sicking wrote: > On Thu, Dec 12, 2013 at 1:45 PM, Joel Weinberger <jww@chromium.org> wrote: > >> But it would suck if the result is that they create their own form > >> fields using <div>s and/or contenteditable. > > > > That's true, although some things like that are already pretty prevalent so > > we've come up with decent heuristics for detecting them. In the end, though, > > they always can try obfuscation, but we think that this will, in fact, > > benefit their users. > > Whether it benefits users or not is unfortunately less relevant than > whether websites thinks that it benefits users. Since if they don't > think it does, we'll end up in an escalating war of browsers and > websites working around each other. > > >> Reaching out to banks might be good. Is that something you've looked at? > > > > Yes, we're definitely doing that. From our perspective, we'd be happy with > > making the switch today, but we're trying to be good netizens and (a) give > > fair warning, and (b) make sure we're not missing something critical. > > I'd be very interested in hearing what feedback you get. If we knew > that banks were onboard with whatever is proposed, that would > definitely make us more comfortable with deploying the same solution. We agree with this approach. In IE11, we decided to stop supporting [1] the autocomplete attribute with <input type=password> in order that we could offer password management for more authentication forms. We never store passwords without the user choosing to allow this when prompted for a specific site. We haven't heard any significant negative feedback so far. Cheers, Adrian. [1] http://msdn.microsoft.com/en-us/library/ie/ms533486
Received on Friday, 3 January 2014 23:08:30 UTC