(no title)
bullman | 6 years ago
In 4.10.18.7.1...
"The "off" keyword indicates either that the control's input data is particularly sensitive (for example the activation code for a nuclear weapon); or that it is a value that will never be reused (for example a one-time-key for a bank login) and the user will therefore have to explicitly enter the data each time, instead of being able to rely on the UA to prefill the value for them; or that the document provides its own autocomplete mechanism and does not want the user agent to provide autocompletion values."
In 4.10.18.7.2...
"When an element's autofill field name is "off", the user agent should not remember the control's data, and should not offer past values to the user.
NOTE: In addition, when an element's autofill field name is "off", values are reset when traversing the history."
@jeffk - Ok, I now understand where you are getting this interpretation.
I think this is a dangerous interpretation (and perhaps it requires altering the spec to say must). Again Application developers need a reliable, durable way to tell the UA that a particular field should never be autofilled or autocompleted. How else do you propose we do that, other than following 4.10.18.7.1.
jefftk|6 years ago
Chrome is claiming that enough developers have marked fields as autocomplete=off in user-hostile ways that it shouldn't be respected, while many people here are making the case that conflicts with site-provided autocomplete and other issues push the other direction. That's how to have this discussion, not by pretending this SHOULD is a MUST.
(I don't work on Chrome and don't know any Google-internal anything about this)