- From: Edward O'Connor <eoconnor@apple.com>
- Date: Wed, 05 Mar 2014 12:38:18 -0800
- To: whatwg@lists.whatwg.org
Hi, Ian wrote, in 2012: >> This might fall under the broader class of "identity"-related fields, >> which I think merit their own carefully thought out set of tokens. >> There was some work done on the beginnings of such a specification -- >> see https://wiki.mozilla.org/Identity-inputs -- but my current >> understanding is that this is an area in need of further development. > > I'm happy to add more things like this to the spec, but I don't know > what to add exactly. If there is a concrete description of what fields > I should add here, I'd be happy to do so. The techniques browsers use for autofilling auth information would benefit enormously from some additional autocomplete="" values. The wiki page Ilya mentioned captures the use cases pretty well. I think these are the critical ones that capture the most common cases: # Passwords On "change your password" forms, which <input type=password> is your current password? Which is the new password? Browsers want to avoid filling the old password into the new or confirm password fields. Additionally, distinguishing such fields would help tools that generate passwords. These are useful on both sign-up and change password forms. <input type=password> - your current password <input type=password autocomplete=new> - a new password <input type=password autocomplete=confirm> - the new password, again Next to the other autocomplete values, "new" and "confirm" don't look descriptive enough. "new-password" and "confirm-password", maybe? "<input type=password autocomplete=new-password>" feels redundant and verbose to me. # Usernames Lots of websites use email addresses as usernames. Tools should be able to distinguish email-used-as-username fields from other email fields. This can also help on "forgot password"/"forgot username" forms. <inpyt type=text autocomplete=username> - your username on this site <input type=email> - your preferred email address <inpyt type=email autocomplete=username> - your username on this site, not your preferred email address <input type=url autocomplete=username> - OpenID Also, consider the case of login forms without username fields. You see this sort of thing a lot these days, when sites remember who was last logged in: <form> <label>Password for hober: <input type=password name=pw></label> <p>Not hober? <a href=...>Click here to sign in</a>. </form> It's difficult for tools to manage the user's auth info for such pages. How can tools discover what the username is? The obvious solution, in a world with autocomplete=username, would be to add <input type=hidden autocomplete=username name=username value=hober> to the form. Thoughts? Ted
Received on Wednesday, 5 March 2014 20:39:23 UTC