Preventing autofill on form fields

Forum Moderators: open

Message Too Old, No Replies

Preventing autofill on form fields

Isn't there a HTML attribute for this?

MatthewHSE

8:25 pm on May 9, 2006 (gmt 0)

Most browsers have some sort of function to "remember" data that has been entered into text boxes in forms. You can double-click the form field to get a list of past entries, or start typing and get a list of past entries that started with the same sequence of letters. Cool browser feature and a great time-saver.

But also insecure.

Take a credit card form, for instance, or anything else where sensitive data may be entered. Who wants that info to be available in a handy-dandy autofill dropdown for form fields?

So, I'd like to over-ride that behavior for some form fields on my site. I'm sure I've read about an HTML attribute that will do this, but after scrounging around the web, I can't find what it might be (leading me to believe it might not be "valid" HTML?)

Valid or not, if anyone can point me in the right direction for this, I'll be most grateful.

Thanks!

Matthew

Fotiman

8:40 pm on May 9, 2006 (gmt 0)

autocomplete="off"

It's a Microsoft proprietary thing. I don't know if this link violates the TOS or not (I'm still confused about which ones are valid, but I think this is ok):
[msdn.microsoft.com...]

encyclo

11:49 pm on May 9, 2006 (gmt 0)

The attribute

autocomplete="off"

is a Microsoft invention (IE5+), but is now supported by Firefox and Safari/Konqueror, but not Opera (unless their latest versions have added support). You can use it in two ways, either for each input field or for the entire form:

<input type="text" name="login" [b]autocomplete="off"[/b]>

or:

<form action="script.cgi" [b]autocomplete="off"[/b]>

I use the

autocomplete

attribute without hesitation for fields such as credit card numbers, etc., however the attribute does not exist in any formal specification so your page will not validate.

Fotiman

2:20 pm on May 10, 2006 (gmt 0)

This begs the question:

Can this attribute be added using JavaScript and the DOM? (to keep the document valid)

A question I will now go ask in the JavaScript list. :)

MatthewHSE

2:40 pm on May 10, 2006 (gmt 0)

Thanks guys. I really don't see any reason for this NOT to be a part of the HTML specification; it's controlling content, not presentation, and therefore would be a legitimate attribute.

Notwithstanding its current status, I'm glad to know there is such an attribute and I will be using it whenever autofill is not desirable.

Fotiman

2:56 pm on May 10, 2006 (gmt 0)

Here's the JavaScript thread:

[webmasterworld.com...]

I offer a solution there for using JavaScript to add this value to form inputs using either the form ID or the ID value of individual inputs. Thus, your document remains valid.