-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define eligibility for autofill #8801
base: main
Are you sure you want to change the base?
Conversation
@domenic - is there a process in WhatWG for us to get this PR reviewed? We'd be interested to hear any feedback :). Christoph will be sending request for positions to the other browsers for the part of this spec change that is new soon (e.g., the shared-autofill policy and the behavior it enables), so we may also hear feedback from them there ofc. |
Some mechanisms you can use:
|
Ack, thanks Domenic. @schwering - I suggest we start with the WebKit and Gecko standards-position repos (request for position), and see if we get any feedback there. Happy to assist you in drafting/sending those requests, just lmk if I can help :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for writing this up!
Couple things:
- It reads like an introduction for Autofill, but then suddenly switches to making requirements. That's less than ideal. Especially with a later subsection titled "Processing model".
- The examples do not use the
autocomplete
attribute. I understand user agents typically support that, but none of that is standard and I'm not sure we want to encourage folks relying on it. - The cross-document example could detail the specifics of the
input
element a bit more. - You need to hook into the Permissions Policy processing model.
For the merchant, this design combines security and flexibility: the cross-origin iframes isolate the sensitive payment information from the merchant's infrastructure (which helps them with PCI DSS compliance), yet the merchant can arrange and style the fields in their website's look and feel.
This doesn't explain how the merchant accomplishes styling the fields. Also, PCI DSS is a pretty broad reference for someone unfamiliar with this field. It would help to have a more relevant quote about the requirements.
Also, is there more information as to why there is an expectation that merchants will adopt this as opposed to payment APIs?
cc @whatwg/forms |
There are a few items I'd like to understand better before we decide on our position to this proposal.
|
Thank you both for the feedback! A couple of questions regarding Anne's feedback:
The last sentence of the introduction transitions to the next subsection, doesn’t it? What do you have in mind to make the transition more smoothly? As for the processing model subsection, I think ideally it’d be a subsection of the autocomplete attribute, but it’s already an
I think using the autocomplete attribute in the example forms leads to a dependency problem:
I see how using the
I’ve added a minimal example document. Is that what you had in mind?
How do you mean? I was intentionally following the pattern of the two other policy-controlled features in the standard: the Replies to Sergey's questions:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks okay, but it would be great to have a version that does not fail the build so I can look at how at it in context better.
source
Outdated
</div> | ||
|
||
<p>The user agent may fill multiple controls at once even if they have different | ||
<span data-x="form owner">form owners</span>, <span>root</span> elements, or even |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
root nodes (typically root is a document after all)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To clarify in case I'm using the wrong terminology here: I'm trying to say that even if
- form control A's root is a Document and
- form control B's root is a (non-null) shadow root,
- form control C's root is another (non-null) shadow root,
then A, B, C may be filled in together.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, it's just that shadow roots and documents are not elements. Looks okay now.
source
Outdated
<p>The user agent may fill multiple controls at once even if they have different | ||
<span data-x="form owner">form owners</span>, <span>root</span> elements, or even | ||
<span data-x="node document">node documents</span>. However, the user agent should not fill in a | ||
field if that field is not <span>eligible for autofill</span>.</p> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not entirely clear to me this is "should not" material. Whenever the user agent would not follow this they have a good reason (to serve the end user's interests) so it seems stronger than it actually is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added a note further down that lists reasons why a user agent not-fill eligible fields or fill not-eligible fields. WDYT?
b6b2696
to
dcf22fa
Compare
Thanks for the feedback, Anne! I've updated the PR but I'll upload another patch that extends the example and note. The build fails at the deploy stage though because I created this PR from schwering:main rather than a new branch. It seems that GitHub does not allow renaming the source branch of an existing PR. I've uploaded a built version, if that helps. |
source
Outdated
</div> | ||
|
||
<p>The user agent may fill multiple controls at once even if they have different | ||
<span data-x="form owner">form owners</span>, <span>root</span> elements, or even |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, it's just that shadow roots and documents are not elements. Looks okay now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Introduces a necessary condition for a user-agent to autofill a collection of form controls: A form control C is eligible for autofill if C's node document D is fully active and one of the following is true: - Some element is focused and its node document's origin is the same origin as D's origin. - The shared-autofill feature is enabled in document for D's origin. Above, "shared-autofill" refers to a new policy-controlled feature. Explainer: https://github.com/schwering/shared-autofill We have no Web Platform Tests because there is no JavaScript API for triggering Autofill. In particular, there is no API for storing or accessing data to be filled (e.g., a credit card). Chromium integration tests for autofilling forms that span multiple frames are here: https://crsrc.org/chrome/browser/autofill/autofill_across_iframes_browsertest.cc
This commit extends the example to explain how and why payment forms today use cross-origin iframes. It also extends the note to explain why a user agent might ignore share-autofill or fill in controls even when shared-autofil is disabled.
Thanks! I've addressed the nits and rebased the PR. |
Introduces a necessary condition for a user-agent to autofill a collection of form controls:
(See WHATWG Working Mode: Changes for more details.)
/acknowledgements.html ( diff )
/form-control-infrastructure.html ( diff )
/forms.html ( diff )
/index.html ( diff )
/infrastructure.html ( diff )
/references.html ( diff )