You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 3, 2023. It is now read-only.
As HTML5 is now officially supported in Contao, I'd like to see password input fields disabling autocomplete in the backend / DCA by default, and maybe some frontend password input fields (most notably the password reset field in the "personal data" module). You should also be able to set the autocomplete attribute via DCA.
Why?
First of all, there is one major issue when letting your browser save your credentials for the backend login (which is not advised but cannot be forbidden): When you e. g. edit members/users, the password field can be pre-filled with the editor's password, triggering an error when you try to save it (due to the empty password check field). This could apply to every "password" field e. g. used in extensions.
Plus, we could teach users a lesson on how to handle login credentials (i. e. you shouldn't save them) if we disable autocomplete on the backend login page (not the frontend, though, as this impacts usability).
Apart from this, logically, backend form fields shouldn't be pre-filled by the user agent. The data entered here is simply not personal data (except maybe the user's personal data page). So backend forms should use the autocomplete attribute for forms
What about backwards compatibility / XHTML1 mode? No problem! Though autocomplete is only standardized in HTML5, the attribute has been honoured by most user agents for months and years. All other verions of user agents simply ignore the attribute. It won't validate in non-HTML5 but it won't trigger any error.
I dont think it is related to the password manager. I tells the browser not to store values you previously entered into that field. Highly important on credit card fields, I suppose password fields are disabled from autocompletition automatically.
--- Originally created on April 27th, 2011, at 02:04pm
It should mean that the user agent won't fill out any input element or form by itself where autocomplete is off. I guess it will disable the password manager if used in a login form (don't know what happens if only used with the password field – might disable auto-write of the password but not user name).
IMO, it should be added to all backend password and other sensitive input fields (to prevent the user agent from accidently entering the backend user's password in another user's password field – see #2835).
It could be added to the backend login form, to prevent people from storing sensitive login data in a browser. It should not be added to any frontend login form.
It could also be added to all backend forms but this could prevent the (very helpful) "previously entered data dropdowns" to disappear. Haven't tested that one yet.
--- Originally created on May 7th, 2011, at 03:28pm
As HTML5 is now officially supported in Contao, I'd like to see password input fields disabling autocomplete in the backend / DCA by default, and maybe some frontend password input fields (most notably the password reset field in the "personal data" module). You should also be able to set the autocomplete attribute via DCA.
Why?
What about backwards compatibility / XHTML1 mode? No problem! Though autocomplete is only standardized in HTML5, the attribute has been honoured by most user agents for months and years. All other verions of user agents simply ignore the attribute. It won't validate in non-HTML5 but it won't trigger any error.
Related issues: #2835, #2902
--- Originally created on April 19th, 2011, at 03:58pm (ID 3019)
The text was updated successfully, but these errors were encountered: