W3C home > Mailing lists > Public > w3c-wai-gl@w3.org > April to June 2018

RE: Issue 948 SC 1.3.5 Identify Input Purpose - autocomplete technique VS Privacy/Security

From: Alastair Campbell <acampbell@nomensa.com>
Date: Tue, 5 Jun 2018 22:17:15 +0000
To: "White, Jason J" <jjwhite@ets.org>
CC: WCAG <w3c-wai-gl@w3.org>
Message-ID: <AM5PR0902MB200279CFC70A157AA67F8202B9660@AM5PR0902MB2002.eurprd09.prod.outlook.com>
Hi Jason,

That’s a slightly different issue, and one that has been raised and answered previously:

It generated a bug on HTML, which was resolved by including in HTML5.3(?) that “User agents should verify that all fields with the [autocomplete] attribute  wearing the <a>autofill expectation mantle</a> are visible within the viewport before automatically entering data.”

Adding a note is fine, I think it would be most appropriate on the technique for autofill.

However, I’m not sure what it would say as we don’t currently have an alternative (accessibility supported) technique to propose. So it would basically say: Use this technique, but just so you know here are some privacy & security issues with it… but you still have to use it.

One of the issues is something that the user-agents will have to tackle regardless of WCAG 2.1, and this latest one doesn’t really seem to be an issue.

Is it worth a note?


From: White, Jason J

Safari under Mac OS doesn’t complete form fields unless I move focus to the field and explicitly choose to invoke the automatic completion.

I don’t know whether other browsers will follow this example. Privacy concerns associated with autocomplete have surfaced recently, focusing on exploitation by third-party tracking scripts associated, presumably, with advertising.

It should be noted that, as emphasized in the article, the feature is working as designed – there’s no hitherto unknown vulnerability here.

I would suggest including the “autocomplete” technique as planned, but adding a note (if it isn’t already in the draft) on its privacy and security implications.
Received on Tuesday, 5 June 2018 22:17:43 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 21:08:26 UTC