Bug 159051
| Summary: | Forms/inputs don't respect autocomplete=off | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Samuel Williams <samuel> |
| Component: | Forms | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | CC: | jberlin, rmondello |
| Priority: | P2 | ||
| Version: | Safari 10 | ||
| Hardware: | All | ||
| OS: | macOS 10.12 | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=10951 | ||
Samuel Williams
We have several internal systems where you manage other users usernames and passwords. Even when using autoccomplete=off, Safari attempts to fill in the fields with your own data. When autocomplete=off is set, Safari should not attempt to fill in the form.
As a side effect of this, lots of work-arounds have been proposed, e.g. naming form fields differently, using JavaScript to trick the autocomplete system. IMHO this is completely insane.
However, if this is not possible to simply respect autocomplete=off due to high level policy, perhaps a user-facing feature e.g. right-click and "Disable auto-complete for this page" would be sufficient.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Samuel Williams
Perfect summary of why this is a bad idea: https://www.troyhunt.com/the-cobra-effect-that-is-disabling/
Samuel Williams
I just wanted to add, the overzealous auto-complete system does weird things on Linode. It tries to auto-complete a username into the VPS disk space provision box. That's right, a box for how large you want the partition to be, gets filled in with your login name. It's not even a login form.
Sam Sneddon [:gsnedders]
See bug 10951 for the opposite request; as mentioned there, this is actually Safari behaviour and not WebKit behaviour, which also means this a WebKit bug.