-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Audit: input fields have appropriate type & autocomplete attributes #1639
Comments
Will try to start tackling this middle of this week. Also, those articles are 🔥🔥🔥, bookmarked pretty much all of them lol |
@paulirish @ebidel Would this audit fall under DBW category or something else? |
It can go in the dbw folders. Not a big deal really.
…On Jun 3, 2017 9:06 PM, "Michael Stramel" ***@***.***> wrote:
@paulirish <https://github.com/paulirish> @ebidel
<https://github.com/ebidel> Would this audit fall under DBW category or
something else?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1639 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AACZF6m_5e0KFHNmo5RC0lTUlWof1Q4Gks5sAi04gaJpZM4L3BuP>
.
|
I'm not having any luck with the |
@stramel it doesn't trigger on a lot of fields. In the google login form, I get the prediction info on the password field. and i also get it on the mint.com signin form. but that said, this data isn't exposed over the protocol so we can't use it. :/ |
@paulirish that's a shame, I had looked into it to see if there would be a way. I started on this will probably have a couple questions. One that I have now is, is there a good way to check all the way through the Shadow Dom? I have a way to do it already but it isn't super clean. |
#2371 has the best technique right now |
@paulirish Maybe I'm over thinking this, how am I supposed to be determining which autocomplete would be best? Is it Or should I just be checking if they have autocomplete? Should I ensure they are using the appropriate type for the autocomplete? Sorry, I think I'm confused lol |
@paulirish Ping :) |
@paulirish Just checking if you may have missed this? |
A few months back DevTools landed a patch which includes analysis for login fields: https://chromium-review.googlesource.com/c/chromium/src/+/606827 I believe it recommends appropriate attributes for the various input elements, including values. They are emitted as |
This extremly annooying! I don't want autocomplete on my forms. But since Chrome throw these annoying messages, I added autocomplete to all inputs with autocomple=Off, but it still complaining! WTF! |
Same issue as @assunluis80 -- the validation warning is not respecting the spec: autocomplete="off". |
@assunluis80 @c-dante if you folks have an issue with scope of the violations surfaced by Chrome itself, please file a bug over at http://crbug.com/ to hash it out. |
@patrickhulce Thanks -- this was the resource that came up from searching the error -- will use the bug report! |
There are three related things we want to audit:
type
/inputmode
attributes so they get custom keyboards on mobileautocomplete
attributes so they get payment autofill magic.autocomplete
attributes so they get autofill/autocomplete magicIn all three cases, ideal UX is Lighthouse analyzes each field and validates the appropriate
type
andautocomplete
value is set on it.appropriate input
inputmode
attributesWe want the user to get a nice keyboard on mobile when it makes sense. https://technology.blog.gov.uk/2020/02/24/why-the-gov-uk-design-system-team-changed-the-input-type-for-numbers/
(
input[type]
used to be the hack for this but is a bad choice now that inputmode is everywhere. :)impl notes:
chrome://flags/#show-autofill-type-predictions
may help some. It provides this sort of data:autocomplete
for payment formsSee:
We'd like to consider the various input fields and suggest which autocomplete attribute value you should use for them. Basically one of the 53 autofill detail tokens or
off
(if you dont want any autofill to apply (generally discouraged)) oron
(if theres no appropriate token but you'd like autofill to attempt anyway)chrome://flags/#show-autofill-type-predictions
exposes what the current clientside and serverside heuristics are determining. We would take a lower confidence level than what Chrome would use to prompt the user, but the confidence rating isn't exposed currently.autocomplete
for login formsSee:
input fields should get
autocomplete
attribute values ofusername
,current-password
new-password
. This may or may not enable "Smart Lock for Passwords", new password generation, proper password saving, etc. We need to verify these as the documentation is sparse.To enable this we'll need an
input-elements.js
gatherer:Get all input elements, maybe grouped by
<form>
. For eachinput
, we'd want to knowtype
,name
,autocomplete
, outerHTML snippet (like in a11y gatherer).The text was updated successfully, but these errors were encountered: