On Wed, Nov 27, 2013 at 11:22 PM, Yin, Li <[email protected]> wrote: > Hi Alexis, >
Hi, > > > Developers can disable auto complete feature through the Java interface > “setSaveFormData(false)”, it won’t save all the input texts if it is > disabled. > > The default value is enabled, because WebView enabled it by default. > > You can see: > http://developer.android.com/reference/android/webkit/WebSettings.html#setSaveFormData(boolean) > Right. Most of our users are not Java people. Remember they deploy a web application, a .wgt. They don't have access to Java, they don't code in Java so how they deactivate it ? My quick search on Google shows that people are super unhappy with that feature especially the PhoneGap users. http://roysutton.com/2012/02/21/preventing-auto-fill-in-android-webview/ http://stackoverflow.com/questions/7849443/android-webview-phonegap-disable-autocorrect-autocapitalize-and-autocomplete http://stackoverflow.com/questions/14099440/disable-autocomplete-on-android https://groups.google.com/forum/#!topic/phonegap/rIDv_sr1Pkg ... You don't want them to put autocomplete="off" on all their input fields if they don't want autocompletion. Are we also testing that the HTML elements are behaving correctly with the autocomplete attribute? It's probably covered upstream but we need to make sure. > > We are using data base to store input texts, which is the same with > Chromium. > Some secret information such as Credit number always won’t be saved event > if auto complete feature is enabled. > If the developer has set the correct flag on the element otherwise it is stored as a default. > > > Now, auto complete feature is not only for browser, android webview also > implemented it. > > We should keep align with Android WebView. > Not blindly. We're making a runtime, not a WebView. There are various problems with that feature that nobody have considered here and we should probably go through our security team. Here is an example : - I download a Xwalk based app - I put my personal data into some fields - The developer of the app is not very good, and forgot to autocomplete="off" my password field - Get stored - User of the app have no way to delete the entry like in Chromium, it becomes exposed to whoever want to use it. One other consideration : The database is shared between Xwalk apps just like Chromium but with the user of the app unable to clear the history (like Chromium) it is potentially a problem. Do we want sharing between the instances of Xwalk for such data? It needs to be carefully considered. Other question : Why we need these Java APIs? Why they need to be exposed? Who is going to use them (you say "developer" but our developer are not Java people)? Is that needed for the Cordova-container (I would assume no)? I don't think we need the Java APIs, we probably need the feature and a way to interact with it but that's not with Java that's going to happen because most people won't use Java, they will pack directly their web app and it will be a failure if they have to go through Java to control some stuff. That's why we need runtime flags that you pass when you execute xwalk or some settings in the manifest to tell that you don't want a given feature. So for me as-is it's not LGTM. I'd like a more extensive proposal. > > Regards, > > Li Yin > > > > *From:* [email protected] [mailto:[email protected]] *On Behalf > Of *Alexis Menard > *Sent:* Wednesday, November 27, 2013 8:16 PM > *To:* Yin, Li > *Cc:* Zhu, Yongsheng; [email protected] > > *Subject:* Re: [Crosswalk-dev] Intent to Implement: [Android] Implement > autocomplete feature for Xwalk > > > > Hi, > > > > Few questions : > > > > - The file storage is not crypted? Is it open to read if I let say use the > File Manager application on my phone to access. It may not be related but > remember all the buzz around Chrome storing your infos in plain text. > > - We need a runtime flag for that because some apps are not going to want > that for various reasons (not storing sensitive information) so we should > give a way to disable that support. > > - Do we support disabling in some ways for specific fields (this may be > more a JS/HTML thing)? For example one may not want to store the input > value of a credit card so that the completion does not show it afterwards. > And this will also make sure that the content is not stored into my > completion suggestion of my android keyboard (let say you use Samsung > phones or SwitfKey). > > > > Overall I think it's more a browser feature than an web app/games feature > but I can see few uses cases. Let make sure we can opt-out, this is a very > tricky problem. > > > > Thanks. > > > > On Tue, Nov 26, 2013 at 11:46 PM, Yin, Li <[email protected]> wrote: > > Thanks. > > > > PR can be found here: > https://github.com/crosswalk-project/crosswalk/pull/1132 > > Comments are welcome. > > > > Regards, > > Li Yin > > > > *From:* Zhu, Yongsheng > *Sent:* Wednesday, November 27, 2013 9:25 AM > *To:* Yin, Li; Ming, Bai; [email protected] > *Subject:* RE: [Crosswalk-dev] Intent to Implement: [Android] Implement > autocomplete feature for Xwalk > > > > Lgtm. Li, please go ahead. > > > > Yongsheng > > > > *From:* Crosswalk-dev [ > mailto:[email protected]<[email protected]>] > *On Behalf Of *Yin, Li > *Sent:* Monday, November 25, 2013 2:49 PM > *To:* Ming, Bai; [email protected] > *Subject:* Re: [Crosswalk-dev] Intent to Implement: [Android] Implement > autocomplete feature for Xwalk > > > > Yes, it supports Xwalk APP. > > > > Currently, I am using “RuntimeContext::GetPath()” to get the default path, > which will be as the destination to store autofill data. > > From the code, it is “DIR_ANDROID_APP_DATA”, which is the same with > Android chrome webview. > > > > Regards, > > Li Yin > > *From:* Crosswalk-dev [ > mailto:[email protected]<[email protected]>] > *On Behalf Of *Ming, Bai > *Sent:* Monday, November 25, 2013 1:38 PM > *To:* [email protected] > *Subject:* Re: [Crosswalk-dev] Intent to Implement: [Android] Implement > autocomplete feature for Xwalk > > > > Will it support xwalk application? > If yes, perhaps we need to figure out the best place to store the autofill > data, maybe somewhere under the application's storage. > > - Ming, Bai > > On 11/25/2013 11:16 AM, Yin, Li wrote: > > *Summary:* > > Every time the user submits a form, entries in text input fields organized > by the name of the field specified in html get stored in the database under > the profile. > > When the user opens a webpage containing a form and types into one of the > fields, Xwalk checks the database for past entries into fields with the > same name. > > As the user types, a pop-up menu appears allowing the user to select from > entries which match the prefix already entered. > > > > *Affected component:* N/A > > > > *Related feature: *XWALK-157 < > https://crosswalk-project.org/jira/browse/XWALK-157> > > > > *Target Release:* Crosswalk 3 > > > > *Implementation details*: > > - XWalkSettings class provides set/getSaveFormData API, which can control > the suggestion dialog will be popped up or not. > > - XWalkContent class provides getFormDatabase interface to get an > XWalkFormDatabase object. > > Through XWalkFormDatabase object, developers can call hasFormData() to > check if there is relevant database, and can clear form database through > clearFormData(). > > - In native code side, added followed files to implement auto complete. > > xwalk_autofill_manager_delegate.cc > > xwalk_autofill_manager_delegate.h > > xwalk_form_database.cc > > xwalk_form_database.h > > xwalk_form_database_service.cc > > xwalk_form_database_service.h > > - In java code side, followed files are created: > > XWalkAutofillManagerDelegate.java > > XWalkFormDatabase.java > > > > Regards, > > Li Yin > > > > _______________________________________________ > > Crosswalk-dev mailing list > > [email protected] > > https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-dev > > > > > _______________________________________________ > Crosswalk-dev mailing list > [email protected] > https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-dev > > > > > > -- > Alexis Menard > > _______________________________________________ > Crosswalk-dev mailing list > [email protected] > https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-dev > > -- Alexis Menard
_______________________________________________ Crosswalk-dev mailing list [email protected] https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-dev
