- From: Evan Stade <estade@google.com>
- Date: Thu, 13 Nov 2014 23:02:21 -0800
- To: rescator@emsai.net
- Cc: whatwg@lists.whatwg.org
On Thu, Nov 13, 2014 at 5:17 PM, Roger Hågensen <rescator@emsai.net> wrote: > On 2014-11-13 20:20, Evan Stade wrote: > >> Currently this new behavior is available behind a flag. We will soon be >> inverting the flag, so you have to opt into respecting autocomplete="off". >> >> > I don't like that browsers ignore HTML functionality hints like that. > > I have one real live use case that would be affected by this. > http://player.gridstream.org/request/ > This radio song request uses autocomplete="off" for the music request > because a listener would probably not request the same bunch of songs over > and over. > autocomplete="off" will still be respected for autocomplete data. This should cover your use case. > Also the reason the name field also has autocomplete="off" is simple, if > somebody uses a public terminal then not having the name remembered is nice. > Only the user can figure out if they're at a public terminal. > > Also, banks generally prefer to have autocomplete="off" for credit card > numbers, names, addresses etc. for security reasons. And that is now to be > ignored? > I'm not sure what security threat is addressed by respecting autocomplete="off". > > > Also note that in Norway this month a lot of banks are rolling out BankID > 2.0 which does not use Java, instead they use HTML5 tech. > And even todays solution (like in my bank) login is initiated by entering > my social ID number, which is entered into a input field with the text with > autocompelete="off". > Now my computer I have full control over but others may not (work place > computer, they walk off for a coffee) and someone could walk by and type > the first digit 0-9 and see whatever social id numbers had been entered. > This is also autocomplete, not Autofill (in Chrome parlance).
Received on Friday, 14 November 2014 07:02:46 UTC