Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set autocomplete attribute on input elements appropriately #2300

Merged
merged 1 commit into from
Aug 9, 2023

Conversation

floehopper
Copy link
Contributor

@floehopper floehopper commented Aug 8, 2023

Trello: https://trello.com/c/WHsgcFDz

This explicitly sets the autocomplete attribute to "off" on all input elements unless there is a specificly suitable value, e.g. "name", "email", "current-password", "new-password". Note that these values must apply for the current user and not for another user, e.g. when a user is editing the details of another user, autocomplete should be set to "off" for the "name" & "email" fields.

The original motivation behind this was that some password managers were filling in the "name" and "email" fields on the edit user page. This was because autocomplete was not set on the fields, the password manager heuristics decided that they were legitimate "name" & "email" fields, and (since there was only one matching item for the domain) the password manager filled the field with the current user's name and email address. This should no longer happen, because we are now setting autocomplete to "off" for those two fields.

I have manually tested all the affected pages in Firefox on MacOS.

@floehopper floehopper requested a review from mike29736 August 8, 2023 15:19
Copy link
Contributor

@mike29736 mike29736 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Trello: https://trello.com/c/WHsgcFDz

This explicitly sets the autocomplete attribute to "off" on all input
elements unless there is a specificly suitable value, e.g. "name",
"email", "current-password", "new-password" [1]. Note that these values
must apply for the current user and not for another user, e.g. when a
user is editing the details of another user, autocomplete should be set
to "off" for the "name" & "email" fields.

The original motivation behind this was that some password managers were
filling in the "name" and "email" fields on the edit user page. This was
because autocomplete was not set on the fields, the password manager
heuristics decided that they were legitimate "name" & "email" fields,
and (since there was only one matching item for the domain) the password
manager filled the field with the current user's name and email address.
This should no longer happen, because we are now setting autocomplete to
"off" for those two fields.

[1]: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete#values
@floehopper floehopper force-pushed the set-autocomplete-on-input-fields branch from eda142d to 57687ef Compare August 9, 2023 09:29
@floehopper floehopper merged commit 06fed2d into main Aug 9, 2023
@floehopper floehopper deleted the set-autocomplete-on-input-fields branch August 9, 2023 09:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants