Google Chrome Android ignores autocomplete="off" for autofill-data for honeypot-field

[nebrot]

Problem
We have multiple sites with powermail and the number of false positive spamnotifications increased much since last year, especially for Google Chrome for Android.
Google decided to ignore autocomple="off" for autofill-data in Google Chrome for Android:

First and foremost, Autofill in Chrome exists to help our everyday users get through common forms (address forms, contact forms, checkout forms, etc) across the web. This has become especially important on mobile devices, where typing on virtual keyboards is both difficult and annoying. Autofill tries to make this experience better, and it's used millions of times per day by Chrome users.
The tricky part here is that somewhere along the journey of the web autocomplete=off become a default for many form fields, without any real thought being given as to whether or not that was good for users. This doesn't mean there aren't very valid cases where you don't want the browser autofilling data (e.g. on CRM systems), but by and large, we see those as the minority cases. And as a result, we started ignoring autocomplete=off for Chrome Autofill data.

https://bugs.chromium.org/p/chromium/issues/detail?id=468153#c164
https://bugs.chromium.org/p/chromium/issues/detail?id=468153#c29
https://support.google.com/chrome/answer/142893?hl=en

Because of that honeypot is often filled with some value like email-address.

Steps to reproduce

1. Create a form with some required fields: name, e-mail, subject, message
2. Enable honeypot and spamnotification
3. Add {requestPlain} in template for SpamNotification.html
4. Open page in Chrome for Android and use autofill
5. Honeypot gets filled => See [__hp] in spamnotification

Possible fix
Change
<f:form.textfield name="field[__hp]" value="" id="powermail_hp_{form.uid}" additionalAttributes="{autocomplete: 'off'}" />
to for example
<f:form.textfield name="field[__hp]" value="" id="powermail_hp_{form.uid}" additionalAttributes="{autocomplete: 'new-hp'}" />
This change avoid autofilling in Chrome for Android.
https://stackoverflow.com/a/30873633

System
Android: 7.0
Chrome Android: 58.0.3029.83
Powermail: 3.19.0
TYPO3: 8.7.1

[nebrot]

@einpraegsam Did you already have some time to look into this issue? :-)

[einpraegsam]

First of all: Thx for the time that you spent with the problem.
I asked a frontend collegue of in2code and we discussed it. We're not totally sure, if that is the best way (What will be in 2 month in chrome? What will other browsers do?). Nevertheless we think that you're right. I will push an update to develop branch.

[einpraegsam]

Pushed change to develop branch. Ready for upcoming release.

[nebrot]

Thank you for the fix and this great extension! :-)