This issue is discussed in bug 48860. Here's a comment that I made in
that report:
> The issue here boils down to whose browser is it anyway -- the user's
> or the website's. Shouldn't the user be the one to decide what
> convenience features he would like to use rather than have a website
> dictate that to him. As a user I want to be able to save
> username/passwords from whatever website I chose and not
> allow particular websites to opt out on me.
Dan Veditz wrote:
>
> Stuart Ballard wrote:
> >
> > [EMAIL PROTECTED] wrote:
> > >
> > > [EMAIL PROTECTED] wrote:
> > > > I know there is a tag in IE Autocomplete="off". . .
> > > > We need this as a security issue for credit card # entry. Is there a
> > >
> > > I hope to God that you're not putting something that sensitive in a URL.
> > > If so, you're not asking for trouble, you've already got it - and getting rid
> > > of autocomplete will not protect you.
> >
> > He's not talking about the URL, he's talking about form auto-fill. And
> > he has a point. You can't implement credit card entry without putting it
> > in a form *somewhere*...
>
> If he's talking about form auto-fill, there's a preference to turn it off
> available on the preferences dialog.
>
> There's no way for a *site* author to turn it off, though. Not sure if
> that's a good or bad idea. It would help folks too stupid to think saving a
> credit card might be a bad idea, but make life harder for folks who want the
> convenience and are smart enough to save the credit card information
> security encrypted (as mozilla and Netscape 6 can do, but don't by default).
>
> It would also be a non-standard tag attribute, and we sort of frown on that.
>
> -Dan Veditz
