WingNews logo WingNews
top | item 21245133

(no title)

bullman | 6 years ago

Where is this supposed "should"?

From the spec - The autocomplete attribute represents either:

a) autofill expectation mantle

b) autofill anchor mantle

If the input type is "hidden", then it is wearing the "autofill anchor mantle". IN ALL OTHER CASES (emphasis mine) it wears the "autofill expectation mantle"

And what are the rules on "autofill expectation mantle"?

"When wearing the autofill expectation mantle, the autocomplete attribute, if specified, must have a value that is an ordered set of space-separated tokens consisting of either a single token that is an ASCII case-insensitive match for the string "off", or a single token that is an ASCII case-insensitive match for the string "on", or autofill detail tokens

...

The "off" keyword indicates either that the control's input data is particularly sensitive (for example the activation code for a nuclear weapon); or that it is a value that will never be reused (for example a one-time-key for a bank login) and the user will therefore have to explicitly enter the data each time, instead of being able to rely on the UA to prefill the value for them; OR THAT THE DOCUMENT PROVIDES ITS OWN AUTOCOMPLETE MECHANISM AND DOES NOT WANT THE USER AGENT TO PROVIDE AUTOCOMPLETION VALUES. (emphasis mine)"

Per: https://html.spec.whatwg.org/multipage/form-control-infrastr...

discuss

order

jefftk|6 years ago

The "should" is in the spec's description of how to interpret "off": "When an element's autofill field name is 'off', the user agent should not remember the control's data, and should not offer past values to the user."

bullman|6 years ago

So then the crux of the conflict:

In 4.10.18.7.1...

"The "off" keyword indicates either that the control's input data is particularly sensitive (for example the activation code for a nuclear weapon); or that it is a value that will never be reused (for example a one-time-key for a bank login) and the user will therefore have to explicitly enter the data each time, instead of being able to rely on the UA to prefill the value for them; or that the document provides its own autocomplete mechanism and does not want the user agent to provide autocompletion values."

In 4.10.18.7.2...

"When an element's autofill field name is "off", the user agent should not remember the control's data, and should not offer past values to the user.

NOTE: In addition, when an element's autofill field name is "off", values are reset when traversing the history."

@jeffk - Ok, I now understand where you are getting this interpretation.

I think this is a dangerous interpretation (and perhaps it requires altering the spec to say must). Again Application developers need a reliable, durable way to tell the UA that a particular field should never be autofilled or autocompleted. How else do you propose we do that, other than following 4.10.18.7.1.

bullman|6 years ago

Additional food for thought. Elsewhere, in 4.10.5.1.2 (Text (type=text))...

"If the element is mutable, its value SHOULD (emphasis mine) be editable by the user. User agents must not allow users to insert U+000A LINE FEED (LF) or U+000D CARRIAGE RETURN (CR) characters into the element's value."

https://html.spec.whatwg.org/multipage/input.html

So, according to this spec, the UA is allowed to make an input field type=text non-editable if it so chooses.

Would you argue that this is another place where Chrome would be allowed to act in a manner differently than expected, because "SHOULD" was used?