- From: <bugzilla@jessica.w3.org>
- Date: Thu, 02 Oct 2014 18:03:02 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26956 Bug ID: 26956 Summary: autocompletion=off shouldn't be used to protect sensitive data Product: HTML WG Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: HTML5 spec Assignee: dave.null@w3.org Reporter: memmie@lenglet.name QA Contact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-admin@w3.org, public-html-wg-issue-tracking@w3.org > "The "off" keyword indicates either that the control's input data is particularly sensitive (for example the activation code for a nuclear weapon); — [4.10 Forms — HTML 5.1 Nightly Specs][1] It's a user choice: to save or not the form data regardless its sensivity. For password, in all major browsers ([Firefox 30][1], [Safari][3], [IE11][4], Chrome) they no longer rely on `autocomplete` attribute to prevent passwords being saved. I still agree with using it for disable auto fill when an alternative is provided or when the value will never be reused. But shouldn't use to "protect" sensitive data. [1]: http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fe-autocomplete-off [2]: https://developer.mozilla.org/en-US/Firefox/Releases/30/Site_Compatibility#%3Cform_autocomplete.3D.22off.22%3E_no_longer_prevents_passwords_from_being_saved [3]: http://lists.w3.org/Archives/Public/public-webapps/2013OctDec/1028.html [4]: http://lists.w3.org/Archives/Public/public-webapps/2014JanMar/0015.html -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Thursday, 2 October 2014 18:03:04 UTC