Skip to content
Permalink
Browse files
[giow] (2) autofill: Encourage password saving.
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=25879
Affected topics: HTML

git-svn-id: https://svn.whatwg.org/webapps@8794 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
Hixie committed Sep 19, 2014
1 parent bace55e commit 544b5fcd2ffceda35387cfc10c89cc390d4003b0
Show file tree
Hide file tree
Showing 3 changed files with 197 additions and 15 deletions.
@@ -41583,11 +41583,65 @@ <h6 id=processing-model-4>4.10.19.8.2 Processing model</h6>
<p>A user agent may allow the user to override an element's <a href=#autofill-field-name id=processing-model-4:autofill-field-name-18>autofill field name</a>, e.g.
to change it from "<code id=processing-model-4:attr-fe-autocomplete-off-6><a href=#attr-fe-autocomplete-off>off</a></code>" to "<code id=processing-model-4:attr-fe-autocomplete-on-4><a href=#attr-fe-autocomplete-on>on</a></code>" to allow values to be remembered and prefilled despite
the page author's objections, or to always "<code id=processing-model-4:attr-fe-autocomplete-off-7><a href=#attr-fe-autocomplete-off>off</a></code>",
never remembering values. However, user agents should not allow users to trivially override the
<a href=#autofill-field-name id=processing-model-4:autofill-field-name-19>autofill field name</a> from "<code id=processing-model-4:attr-fe-autocomplete-off-8><a href=#attr-fe-autocomplete-off>off</a></code>" to
"<code id=processing-model-4:attr-fe-autocomplete-on-5><a href=#attr-fe-autocomplete-on>on</a></code>" or other values, as there are significant
security implications for the user if all values are always remembered, regardless of the site's
preferences.</p>
never remembering values.</p>

<p>More specifically, user agents may in particular consider replacing the <a href=#autofill-field-name id=processing-model-4:autofill-field-name-19>autofill field
name</a> of form controls that match the description given in the first column of the following
table, when their <a href=#autofill-field-name id=processing-model-4:autofill-field-name-20>autofill field name</a> is either "<code id=processing-model-4:attr-fe-autocomplete-on-5><a href=#attr-fe-autocomplete-on>on</a></code>" or "<code id=processing-model-4:attr-fe-autocomplete-off-8><a href=#attr-fe-autocomplete-off>off</a></code>", with the value given in the second cell of that
row. If this table is used, the replacements must be done in <a href=#tree-order id=processing-model-4:tree-order>tree order</a>, since all
but the first row references the <a href=#autofill-field-name id=processing-model-4:autofill-field-name-21>autofill field name</a> of earlier elements. When the
descriptions below refer to form controls being preceded or followed by others, they mean in the
list of <span>listed elements</span> that share the same <a href=#form-owner id=processing-model-4:form-owner-5>form owner</a>.</p>

<table><thead><tr><th>Form control
<th>New <a href=#autofill-field-name id=processing-model-4:autofill-field-name-22>autofill field name</a>

<tbody><tr><td>

an <code id=processing-model-4:the-input-element-5><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-2><a href=#attr-input-type>type</a></code> attribute is in
the <a href="#text-(type=text)-state-and-search-state-(type=search)" id="processing-model-4:text-(type=text)-state-and-search-state-(type=search)">Text</a> state that is followed by an
<code id=processing-model-4:the-input-element-6><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-3><a href=#attr-input-type>type</a></code> attribute is in
the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)">Password</a> state

<td>

"<code id=processing-model-4:attr-fe-autocomplete-username-2><a href=#attr-fe-autocomplete-username>username</a></code>"


<tr><td>

an <code id=processing-model-4:the-input-element-7><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-4><a href=#attr-input-type>type</a></code> attribute is in
the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-2">Password</a> state that is preceded by an
<code id=processing-model-4:the-input-element-8><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-23>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-username-3><a href=#attr-fe-autocomplete-username>username</a></code>"

<td>

"<code id=processing-model-4:attr-fe-autocomplete-current-password-2><a href=#attr-fe-autocomplete-current-password>current-password</a></code>"


<tr><td>

an <code id=processing-model-4:the-input-element-9><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-5><a href=#attr-input-type>type</a></code> attribute is in
the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-3">Password</a> state that is preceded by an
<code id=processing-model-4:the-input-element-10><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-24>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-current-password-3><a href=#attr-fe-autocomplete-current-password>current-password</a></code>"

<td>

"<code id=processing-model-4:attr-fe-autocomplete-new-password-2><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"


<tr><td>

an <code id=processing-model-4:the-input-element-11><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-6><a href=#attr-input-type>type</a></code> attribute is in
the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-4">Password</a> state that is preceded by an
<code id=processing-model-4:the-input-element-12><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-25>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-new-password-3><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"

<td>

"<code id=processing-model-4:attr-fe-autocomplete-new-password-4><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"


</table>

<p>The <dfn id=dom-fe-autocomplete><code>autocomplete</code></dfn> IDL attribute, on getting,
must return the element's <a href=#idl-exposed-autofill-value id=processing-model-4:idl-exposed-autofill-value-5>IDL-exposed autofill value</a>, and on setting, must
64 index
@@ -41583,11 +41583,65 @@ MIT Room 32-G524
<p>A user agent may allow the user to override an element's <a href=#autofill-field-name id=processing-model-4:autofill-field-name-18>autofill field name</a>, e.g.
to change it from "<code id=processing-model-4:attr-fe-autocomplete-off-6><a href=#attr-fe-autocomplete-off>off</a></code>" to "<code id=processing-model-4:attr-fe-autocomplete-on-4><a href=#attr-fe-autocomplete-on>on</a></code>" to allow values to be remembered and prefilled despite
the page author's objections, or to always "<code id=processing-model-4:attr-fe-autocomplete-off-7><a href=#attr-fe-autocomplete-off>off</a></code>",
never remembering values. However, user agents should not allow users to trivially override the
<a href=#autofill-field-name id=processing-model-4:autofill-field-name-19>autofill field name</a> from "<code id=processing-model-4:attr-fe-autocomplete-off-8><a href=#attr-fe-autocomplete-off>off</a></code>" to
"<code id=processing-model-4:attr-fe-autocomplete-on-5><a href=#attr-fe-autocomplete-on>on</a></code>" or other values, as there are significant
security implications for the user if all values are always remembered, regardless of the site's
preferences.</p>
never remembering values.</p>

<p>More specifically, user agents may in particular consider replacing the <a href=#autofill-field-name id=processing-model-4:autofill-field-name-19>autofill field
name</a> of form controls that match the description given in the first column of the following
table, when their <a href=#autofill-field-name id=processing-model-4:autofill-field-name-20>autofill field name</a> is either "<code id=processing-model-4:attr-fe-autocomplete-on-5><a href=#attr-fe-autocomplete-on>on</a></code>" or "<code id=processing-model-4:attr-fe-autocomplete-off-8><a href=#attr-fe-autocomplete-off>off</a></code>", with the value given in the second cell of that
row. If this table is used, the replacements must be done in <a href=#tree-order id=processing-model-4:tree-order>tree order</a>, since all
but the first row references the <a href=#autofill-field-name id=processing-model-4:autofill-field-name-21>autofill field name</a> of earlier elements. When the
descriptions below refer to form controls being preceded or followed by others, they mean in the
list of <span>listed elements</span> that share the same <a href=#form-owner id=processing-model-4:form-owner-5>form owner</a>.</p>

<table><thead><tr><th>Form control
<th>New <a href=#autofill-field-name id=processing-model-4:autofill-field-name-22>autofill field name</a>

<tbody><tr><td>

an <code id=processing-model-4:the-input-element-5><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-2><a href=#attr-input-type>type</a></code> attribute is in
the <a href="#text-(type=text)-state-and-search-state-(type=search)" id="processing-model-4:text-(type=text)-state-and-search-state-(type=search)">Text</a> state that is followed by an
<code id=processing-model-4:the-input-element-6><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-3><a href=#attr-input-type>type</a></code> attribute is in
the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)">Password</a> state

<td>

"<code id=processing-model-4:attr-fe-autocomplete-username-2><a href=#attr-fe-autocomplete-username>username</a></code>"


<tr><td>

an <code id=processing-model-4:the-input-element-7><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-4><a href=#attr-input-type>type</a></code> attribute is in
the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-2">Password</a> state that is preceded by an
<code id=processing-model-4:the-input-element-8><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-23>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-username-3><a href=#attr-fe-autocomplete-username>username</a></code>"

<td>

"<code id=processing-model-4:attr-fe-autocomplete-current-password-2><a href=#attr-fe-autocomplete-current-password>current-password</a></code>"


<tr><td>

an <code id=processing-model-4:the-input-element-9><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-5><a href=#attr-input-type>type</a></code> attribute is in
the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-3">Password</a> state that is preceded by an
<code id=processing-model-4:the-input-element-10><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-24>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-current-password-3><a href=#attr-fe-autocomplete-current-password>current-password</a></code>"

<td>

"<code id=processing-model-4:attr-fe-autocomplete-new-password-2><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"


<tr><td>

an <code id=processing-model-4:the-input-element-11><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-6><a href=#attr-input-type>type</a></code> attribute is in
the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-4">Password</a> state that is preceded by an
<code id=processing-model-4:the-input-element-12><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-25>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-new-password-3><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"

<td>

"<code id=processing-model-4:attr-fe-autocomplete-new-password-4><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"


</table>

<p>The <dfn id=dom-fe-autocomplete><code>autocomplete</code></dfn> IDL attribute, on getting,
must return the element's <a href=#idl-exposed-autofill-value id=processing-model-4:idl-exposed-autofill-value-5>IDL-exposed autofill value</a>, and on setting, must
84 source
@@ -53394,11 +53394,85 @@ MIT Room 32-G524
to change it from "<code data-x="attr-fe-autocomplete-off">off</code>" to "<code
data-x="attr-fe-autocomplete-on">on</code>" to allow values to be remembered and prefilled despite
the page author's objections, or to always "<code data-x="attr-fe-autocomplete-off">off</code>",
never remembering values. However, user agents should not allow users to trivially override the
<span>autofill field name</span> from "<code data-x="attr-fe-autocomplete-off">off</code>" to
"<code data-x="attr-fe-autocomplete-on">on</code>" or other values, as there are significant
security implications for the user if all values are always remembered, regardless of the site's
preferences.</p>
never remembering values.</p>

<p>More specifically, user agents may in particular consider replacing the <span>autofill field
name</span> of form controls that match the description given in the first column of the following
table, when their <span>autofill field name</span> is either "<code
data-x="attr-fe-autocomplete-on">on</code>" or "<code
data-x="attr-fe-autocomplete-off">off</code>", with the value given in the second cell of that
row. If this table is used, the replacements must be done in <span>tree order</span>, since all
but the first row references the <span>autofill field name</span> of earlier elements. When the
descriptions below refer to form controls being preceded or followed by others, they mean in the
list of <span>listed elements</span> that share the same <span>form owner</span>.</p>

<table>

<thead>
<tr>
<th>Form control
<th>New <span>autofill field name</span>

<tbody>


<tr>

<td>

an <code>input</code> element whose <code data-x="attr-input-type">type</code> attribute is in
the <span data-x="attr-input-type-text">Text</span> state that is followed by an
<code>input</code> element whose <code data-x="attr-input-type">type</code> attribute is in
the <span data-x="attr-input-type-password">Password</span> state

<td>

"<code data-x="attr-fe-autocomplete-username">username</code>"


<tr>

<td>

an <code>input</code> element whose <code data-x="attr-input-type">type</code> attribute is in
the <span data-x="attr-input-type-password">Password</span> state that is preceded by an
<code>input</code> element whose <span>autofill field name</span> is "<code
data-x="attr-fe-autocomplete-username">username</code>"

<td>

"<code data-x="attr-fe-autocomplete-current-password">current-password</code>"


<tr>

<td>

an <code>input</code> element whose <code data-x="attr-input-type">type</code> attribute is in
the <span data-x="attr-input-type-password">Password</span> state that is preceded by an
<code>input</code> element whose <span>autofill field name</span> is "<code
data-x="attr-fe-autocomplete-current-password">current-password</code>"

<td>

"<code data-x="attr-fe-autocomplete-new-password">new-password</code>"


<tr>

<td>

an <code>input</code> element whose <code data-x="attr-input-type">type</code> attribute is in
the <span data-x="attr-input-type-password">Password</span> state that is preceded by an
<code>input</code> element whose <span>autofill field name</span> is "<code
data-x="attr-fe-autocomplete-new-password">new-password</code>"

<td>

"<code data-x="attr-fe-autocomplete-new-password">new-password</code>"


</table>

<p>The <dfn><code data-x="dom-fe-autocomplete">autocomplete</code></dfn> IDL attribute, on getting,
must return the element's <span>IDL-exposed autofill value</span>, and on setting, must

0 comments on commit 544b5fc

Please sign in to comment.