- From: John Foliot <john.foliot@deque.com>
- Date: Tue, 27 Feb 2018 15:39:39 -0600
- To: WCAG <w3c-wai-gl@w3.org>
- Cc: stommepoes@stommepoes.nl
- Message-ID: <CAKdCpxw4Pd+zj6pbmJG6oMNJSR-1w92wR2gW+6hajOM9qJtbDg@mail.gmail.com>
Greetings all, On today's call, I took the action to respond to Issue #775 <https://github.com/w3c/wcag21/issues/775>. Before responding, I needed / wanted to do some basic testing myself. I have created two forms that both include all 53 of the current @autocomplete tokens. The first form ( https://john.foliot.ca/demos/autofill.php) uses input type="text" for all 53 inputs, and submitting the form echo's back the data being captured in the form fields. (Go ahead, give it a whirl.) I have also created a second form, but this time I changed the bulk of the inputs to type="hidden" (I left the name-related fields as type="text", as most browsers and helper apps need at least "Name" to trigger the autocomplete functionality). The second form can be found at: https://john.foliot.ca/demos/autofill_hidden.php My basic testing confirms that when a field input is marked as "hidden", the autocomplete functionality is removed or otherwise disabled by the browsers to preserve user security. I have not done any further (advanced) testing, and so I cannot rule out the possibility of rogue sites using other scripted methods <https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/> to try and attempt to override this security feature. We likely need to add a comment in the Understanding document noting this fact (maybe?). I am in need of testing assistance for the OSX platform, as well as iOS. If you care to help, please ping me off-line. Based upon these test results, I will craft a response for Issue 775 later today. JF -- John Foliot Principal Accessibility Strategist Deque Systems Inc. john.foliot@deque.com Advancing the mission of digital accessibility and inclusion
Received on Tuesday, 27 February 2018 21:40:16 UTC