2008/11/12 Felix <[EMAIL PROTECTED]> > > Mike Samuel wrote: > > I think I'd like to enforce autocomplete=off for all cajoled forms > and > > cajoled form inputs. that sidesteps the problem of "what if this > input > > changes type?" > > > > > > What about an input that the gadget is passed that was not created by > > DOMita or html-sanitizer, such that the gadget is capable of modifying > > the type|name? >
Thanks for the explanation of the relationship between input elements and records in the form history DB but I think that's orthogonal to my question. What I was trying to get at here is how and when to set the autofill attribute. We can set the autofill attribute on all nodes created via the tamed API, but that does not help us with nodes created via other means. Does autofill occur a the time a node is attached to the document, at onload time, and/or when a document is reloaded after a history navigation causes the document to be reloaded? > > ok, I think I need better terminology. > > * autocomplete means, if I click or type on a field, > the browser will offer suggestions based on saved value history. > > in ff3, these suggestions come from any field with the same name, > regardless of what page the value was typed on. > ff3 only has autocomplete for text fields, not password fields. > > that seems pretty harmless, since it requires deliberate user action, > and the spoof potential is the same as the general phishing problem. > > * autofill means, without clicking or typing on a field, > the browser will set a field to a saved value. > > in ff3, autofill can happen for any form that has a password field, > if I've told ff3 to remember the password. > ff3 remembers the password and the value of a preceding text field, > associating them with the domain of the page, > it autofills those values regardless of what the fields are named. > it only autofills one text and password field in a form, > but it will autofill all forms on a page. > it only autofills at onload. > it won't autofill any fields created or modified after onload. > > * in ff3, autocomplete="off" on a field means > the value won't be saved in value history, > the field won't have autocomplete, > the field won't get autofill. > > autofill will be inhibited if autocomplete="off" on either > the text field or the password field. > > * fill history means, when I fill out a form and submit it, > then 'back' will refill the form with the values I submitted. > I don't understand this behavior well yet. > > in ff3, autocomplete="off" will also prevent this refill. > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to http://groups.google.com/group/google-caja-discuss To unsubscribe, email [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
