Re: [csswg-drafts] [css-ui] 'input-security' considered harmful (#6788) from Luke Warlow via GitHub on 2023-07-14 (public-css-archive@w3.org from July 2023)

From: Luke Warlow via GitHub <sysbot+gh@w3.org>
Date: Fri, 14 Jul 2023 10:43:35 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-1635673634-1689331414-sysbot+gh@w3.org>

> See the recent discussion in [whatwg/html#7293](https://github.com/whatwg/html/issues/7293). I think it would be best to retain `input-security` and to mandate that "IF the UA exposes its own UI for this, that UI MUST be implemented by setting the input-security property on the element." That way we could at least ensure browser-provided UI and page-provided UI didn't fight each other.

How do you mean "don't fight each other" here. Because this would still lead to page UI getting out of sync with the browser UI.

User clicks browser UI to show password. Author toggle would still think the input is set to "hidden". and Is now out of sync with reality.

This as a mechanism also relies on password inputs to use input security and not the current technique of flipping between type="password" and type="text".


-- 
GitHub Notification of comment by lukewarlow
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/6788#issuecomment-1635673634 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 14 July 2023 10:43:37 UTC