On Thu, Nov 13, 2014 at 5:17 PM, Roger Hågensen <resca...@emsai.net> wrote:
> On 2014-11-13 20:20, Evan Stade wrote: > >> Currently this new behavior is available behind a flag. We will soon be >> inverting the flag, so you have to opt into respecting autocomplete="off". >> >> > I don't like that browsers ignore HTML functionality hints like that. > > I have one real live use case that would be affected by this. > http://player.gridstream.org/request/ > This radio song request uses autocomplete="off" for the music request > because a listener would probably not request the same bunch of songs over > and over. > autocomplete="off" will still be respected for autocomplete data. This should cover your use case. > Also the reason the name field also has autocomplete="off" is simple, if > somebody uses a public terminal then not having the name remembered is nice. > Only the user can figure out if they're at a public terminal. > > Also, banks generally prefer to have autocomplete="off" for credit card > numbers, names, addresses etc. for security reasons. And that is now to be > ignored? > I'm not sure what security threat is addressed by respecting autocomplete="off". > > > Also note that in Norway this month a lot of banks are rolling out BankID > 2.0 which does not use Java, instead they use HTML5 tech. > And even todays solution (like in my bank) login is initiated by entering > my social ID number, which is entered into a input field with the text with > autocompelete="off". > Now my computer I have full control over but others may not (work place > computer, they walk off for a coffee) and someone could walk by and type > the first digit 0-9 and see whatever social id numbers had been entered. > This is also autocomplete, not Autofill (in Chrome parlance).