Add privacy recommendation to autofill/autocomplete attribute #7007
Labels
privacy-tracker
Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.
security/privacy
There are security or privacy implications
The way browsers implement the autofill, the values of auto-filled form fields can be read programmatically (they even trigger the change and input events) in the same way the fields would behave if the user had modified the control's data manually. This follows the processing model description:
But it also leads to a potential privacy issue: developers can get the user's personal data without the user's explicit consent (before the form is actually submitted). Therefore, a recommendation for user agents should be added, stating that they may/should implement measures to prevent such behavior.
The idea would be for the notice to be similar to the one from CSS
:visited
pseudo-class:Maybe something in the line of:
This recommendation/warning would be different from #3719 as it affects both visible and non-visible fields.
The text was updated successfully, but these errors were encountered: