[Bug 26956] New: autocompletion=off shouldn't be used to protect sensitive data


            Bug ID: 26956
           Summary: autocompletion=off shouldn't be used to protect
                    sensitive data
           Product: HTML WG
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec
          Assignee: dave.null@w3.org
          Reporter: memmie@lenglet.name
        QA Contact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-admin@w3.org,

> "The "off" keyword indicates either that the control's input data is particularly sensitive (for example the activation code for a nuclear weapon);
— [4.10 Forms — HTML 5.1 Nightly Specs][1]

It's a user choice: to save or not the form data regardless its sensivity.
For password, in all major browsers ([Firefox 30][1], [Safari][3], [IE11][4],
Chrome) they no longer rely on `autocomplete` attribute to prevent passwords
being saved.

I still agree with using it for disable auto fill when an alternative is
provided or when the value will never be reused. But shouldn't use to "protect"
sensitive data.

[3]: http://lists.w3.org/Archives/Public/public-webapps/2013OctDec/1028.html
[4]: http://lists.w3.org/Archives/Public/public-webapps/2014JanMar/0015.html

You are receiving this mail because:
You are on the CC list for the bug.

Received on Thursday, 2 October 2014 18:03:04 UTC