W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2014

Re: [whatwg] PSA: Chrome ignoring autocomplete="off" for Autofill data

From: Roger Hågensen <rescator@emsai.net>
Date: Fri, 14 Nov 2014 08:19:33 +0100
Message-ID: <5465AD05.1070309@emsai.net>
To: whatwg@lists.whatwg.org
On 2014-11-13 20:20, Evan Stade wrote:
> Chrome already ignores the prevalent autocomplete="off" for password
> fields. We plan to ignore this tag for Autofill (addresses, credit cards)
> fields as well. autocomplete="off" will still be respected for autocomplete
> data (e.g. past searches on crbug.com).

What about repetitive entries of varied data?

An accountant entering names, addresses and telephone numbers into a 
In this case the suggestions may just be a nuisance as you are entering 
a ton of varied information and unless they are all named John Smith the 
autocomplete is pretty useless. Take an amount of 1463.57 now does that 
really need to be stored in the autocomplete list?
A medical assistant entering information into various fields.
In this case a autocomplete should probably not be shown for decency 
sake as the last thing you want is "Rape" being suggested when you are 
trying to type "Rhythmic Arrhythmia" (tasteless example I know but in 
theory somethig similar could happen).

These people may log in then log out and somebody else sits down.
You might say that it's up to the admin to ensure the machine is set up 
properly to not autocomplete anything, but what if it's not?
At least a Web App mitigate some of this issue or provide autocomplete 
on the majority of input fields except a select few and so on.

Now I could care less what the default is for any of these on or off is 
fine, but the key is that they can be set to be on or off.
In a web app this may be preferable as a setting in the web apps 
preferences page.

This is thinking of single user only.

If browser user profiles are ever added then this may no longer be a 
issue (as any autocomplete would then follow the users), this also fits 
into the whole "The browser as a OS" idea.

When a major framework ads a workaround for some fields to have 
autocomplete disabled the others will follow and suddenly nobody are 
using type="email" and similar, they'll all be using textarea with style 
set to resize none and height 1em and various ways to deal with pressing 
enter and different ways of submitting the form. I'd rather not have to 
deal with that as either a user nor a developer.
When I set up HTML contact forms I always leave the default (i.e. I do 
not define autocomplete at all) thus respecting the user's wishes 
As a developer I can easily change the cone I'm working on to do 
whatever I want, but as a user I can't change the code of other sites.

Remember "Do Not Track"? I loved that idea, but IE enforced it by 
default and now it's just useless, even though it's set in my browser 
I've yet to see a single site respect it. Would that have been the case 
if it had  not been forced by default? I've no idea. But I know there is 
always a cause and effect.

I think ignoring autocomplete="off" for all fields (especially for 
type="text") is a huge mistake, don't say I didn't warn anyone!

Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/
Received on Friday, 14 November 2014 07:20:01 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:26 UTC