- From: Glenn Maynard <glenn@zewt.org>
- Date: Thu, 13 Nov 2014 19:49:54 -0600
- To: Roger Hågensen <rescator@emsai.net>
- Cc: whatwg <whatwg@lists.whatwg.org>
On Thu, Nov 13, 2014 at 7:17 PM, Roger Hågensen <rescator@emsai.net> wrote: > On 2014-11-13 20:20, Evan Stade wrote: > >> Currently this new behavior is available behind a flag. We will soon be >> inverting the flag, so you have to opt into respecting autocomplete="off". >> >> > I don't like that browsers ignore HTML functionality hints like that. > It's not ignoring hints, this is just removing a bad feature. One of the most common irritants of day to day browsing is pages disabling form autocomplete and password management, and making me enter everything by hand. It's working extremely poorly in the real world. I have one real live use case that would be affected by this. > http://player.gridstream.org/request/ Unfortunately, even if a couple pages have a legitimate use for a feature, when countless thousands of pages abuse it, the feature needs to go. The damage to people's day-to-day experience outweighs any benefits by orders of magnitude. > This radio song request uses autocomplete="off" for the music request > because a listener would probably not request the same bunch of songs over > and over. (The use case doesn't really matter to me--the abuse is too widespread--but this is wrong. If I request a song today, requesting it again tomorrow or the next day is perfectly natural, especially if my request was never played.) > Also, banks generally prefer to have autocomplete="off" for credit card > numbers, names, addresses etc. for security reasons. And that is now to be > ignored? Yes, absolutely. My bank's preference is irrelevant. It's my browser, not my bank's. This is *exactly* the sort of misuse of this feature which makes it need to be removed. > Also the reason the name field also has autocomplete="off" is simple, if > somebody uses a public terminal then not having the name remembered is nice. > This is another perfect example of the confused misuse of this feature. You don't disable autocompletion because some people are on public terminals--by that logic, every form everywhere would always disable autocomplete. This must be addressed on the terminal itself, in a consistent way, not by every site individually. (Public terminals need to wipe the entire profile when a user leaves, since you also need cache, browser history, cookies, etc.) -- Glenn Maynard
Received on Friday, 14 November 2014 01:50:21 UTC