[html5] r8794 - [giow] (2) autofill: Encourage password saving. Fixing https://www.w3.org/Bugs/P [...]

whatwg at whatwg.org whatwg at whatwg.org
Fri Sep 19 14:16:26 PDT 2014


Author: ianh
Date: 2014-09-19 14:16:22 -0700 (Fri, 19 Sep 2014)
New Revision: 8794

Modified:
   complete.html
   index
   source
Log:
[giow] (2) autofill: Encourage password saving.
Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=25879
Affected topics: HTML

Modified: complete.html
===================================================================
--- complete.html	2014-09-19 19:21:24 UTC (rev 8793)
+++ complete.html	2014-09-19 21:16:22 UTC (rev 8794)
@@ -41583,12 +41583,66 @@
   <p>A user agent may allow the user to override an element's <a href=#autofill-field-name id=processing-model-4:autofill-field-name-18>autofill field name</a>, e.g.
   to change it from "<code id=processing-model-4:attr-fe-autocomplete-off-6><a href=#attr-fe-autocomplete-off>off</a></code>" to "<code id=processing-model-4:attr-fe-autocomplete-on-4><a href=#attr-fe-autocomplete-on>on</a></code>" to allow values to be remembered and prefilled despite
   the page author's objections, or to always "<code id=processing-model-4:attr-fe-autocomplete-off-7><a href=#attr-fe-autocomplete-off>off</a></code>",
-  never remembering values. However, user agents should not allow users to trivially override the
-  <a href=#autofill-field-name id=processing-model-4:autofill-field-name-19>autofill field name</a> from "<code id=processing-model-4:attr-fe-autocomplete-off-8><a href=#attr-fe-autocomplete-off>off</a></code>" to
-  "<code id=processing-model-4:attr-fe-autocomplete-on-5><a href=#attr-fe-autocomplete-on>on</a></code>" or other values, as there are significant
-  security implications for the user if all values are always remembered, regardless of the site's
-  preferences.</p>
+  never remembering values.</p>
 
+  <p>More specifically, user agents may in particular consider replacing the <a href=#autofill-field-name id=processing-model-4:autofill-field-name-19>autofill field
+  name</a> of form controls that match the description given in the first column of the following
+  table, when their <a href=#autofill-field-name id=processing-model-4:autofill-field-name-20>autofill field name</a> is either "<code id=processing-model-4:attr-fe-autocomplete-on-5><a href=#attr-fe-autocomplete-on>on</a></code>" or "<code id=processing-model-4:attr-fe-autocomplete-off-8><a href=#attr-fe-autocomplete-off>off</a></code>", with the value given in the second cell of that
+  row. If this table is used, the replacements must be done in <a href=#tree-order id=processing-model-4:tree-order>tree order</a>, since all
+  but the first row references the <a href=#autofill-field-name id=processing-model-4:autofill-field-name-21>autofill field name</a> of earlier elements. When the
+  descriptions below refer to form controls being preceded or followed by others, they mean in the
+  list of <span>listed elements</span> that share the same <a href=#form-owner id=processing-model-4:form-owner-5>form owner</a>.</p>
+
+  <table><thead><tr><th>Form control
+     <th>New <a href=#autofill-field-name id=processing-model-4:autofill-field-name-22>autofill field name</a>
+
+   <tbody><tr><td>
+
+      an <code id=processing-model-4:the-input-element-5><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-2><a href=#attr-input-type>type</a></code> attribute is in
+      the <a href="#text-(type=text)-state-and-search-state-(type=search)" id="processing-model-4:text-(type=text)-state-and-search-state-(type=search)">Text</a> state that is followed by an
+      <code id=processing-model-4:the-input-element-6><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-3><a href=#attr-input-type>type</a></code> attribute is in
+      the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)">Password</a> state
+
+     <td>
+
+      "<code id=processing-model-4:attr-fe-autocomplete-username-2><a href=#attr-fe-autocomplete-username>username</a></code>"
+
+
+    <tr><td>
+
+      an <code id=processing-model-4:the-input-element-7><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-4><a href=#attr-input-type>type</a></code> attribute is in
+      the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-2">Password</a> state that is preceded by an
+      <code id=processing-model-4:the-input-element-8><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-23>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-username-3><a href=#attr-fe-autocomplete-username>username</a></code>"
+
+     <td>
+
+      "<code id=processing-model-4:attr-fe-autocomplete-current-password-2><a href=#attr-fe-autocomplete-current-password>current-password</a></code>"
+
+
+    <tr><td>
+
+      an <code id=processing-model-4:the-input-element-9><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-5><a href=#attr-input-type>type</a></code> attribute is in
+      the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-3">Password</a> state that is preceded by an
+      <code id=processing-model-4:the-input-element-10><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-24>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-current-password-3><a href=#attr-fe-autocomplete-current-password>current-password</a></code>"
+
+     <td>
+
+      "<code id=processing-model-4:attr-fe-autocomplete-new-password-2><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"
+
+
+    <tr><td>
+
+      an <code id=processing-model-4:the-input-element-11><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-6><a href=#attr-input-type>type</a></code> attribute is in
+      the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-4">Password</a> state that is preceded by an
+      <code id=processing-model-4:the-input-element-12><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-25>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-new-password-3><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"
+
+     <td>
+
+      "<code id=processing-model-4:attr-fe-autocomplete-new-password-4><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"
+
+
+  </table>
+
   <p>The <dfn id=dom-fe-autocomplete><code>autocomplete</code></dfn> IDL attribute, on getting,
   must return the element's <a href=#idl-exposed-autofill-value id=processing-model-4:idl-exposed-autofill-value-5>IDL-exposed autofill value</a>, and on setting, must
   <a href=#reflect id=processing-model-4:reflect>reflect</a> the content attribute of the same name.</p>
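
Review bot: In the last line of the new introductory paragraph, "listed elements" is still a bare <span>listed elements</span>, while every other term in that paragraph (autofill field name, tree order, form owner) was turned into an <a href=...> link, so this cross-reference did not resolve in the generated output. The fix belongs in source: give that span a data-x that matches the term's definition, then regenerate complete.html and index.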

Modified: index
===================================================================
--- index	2014-09-19 19:21:24 UTC (rev 8793)
+++ index	2014-09-19 21:16:22 UTC (rev 8794)
@@ -41583,12 +41583,66 @@
   <p>A user agent may allow the user to override an element's <a href=#autofill-field-name id=processing-model-4:autofill-field-name-18>autofill field name</a>, e.g.
   to change it from "<code id=processing-model-4:attr-fe-autocomplete-off-6><a href=#attr-fe-autocomplete-off>off</a></code>" to "<code id=processing-model-4:attr-fe-autocomplete-on-4><a href=#attr-fe-autocomplete-on>on</a></code>" to allow values to be remembered and prefilled despite
   the page author's objections, or to always "<code id=processing-model-4:attr-fe-autocomplete-off-7><a href=#attr-fe-autocomplete-off>off</a></code>",
-  never remembering values. However, user agents should not allow users to trivially override the
-  <a href=#autofill-field-name id=processing-model-4:autofill-field-name-19>autofill field name</a> from "<code id=processing-model-4:attr-fe-autocomplete-off-8><a href=#attr-fe-autocomplete-off>off</a></code>" to
-  "<code id=processing-model-4:attr-fe-autocomplete-on-5><a href=#attr-fe-autocomplete-on>on</a></code>" or other values, as there are significant
-  security implications for the user if all values are always remembered, regardless of the site's
-  preferences.</p>
+  never remembering values.</p>
 
+  <p>More specifically, user agents may in particular consider replacing the <a href=#autofill-field-name id=processing-model-4:autofill-field-name-19>autofill field
+  name</a> of form controls that match the description given in the first column of the following
+  table, when their <a href=#autofill-field-name id=processing-model-4:autofill-field-name-20>autofill field name</a> is either "<code id=processing-model-4:attr-fe-autocomplete-on-5><a href=#attr-fe-autocomplete-on>on</a></code>" or "<code id=processing-model-4:attr-fe-autocomplete-off-8><a href=#attr-fe-autocomplete-off>off</a></code>", with the value given in the second cell of that
+  row. If this table is used, the replacements must be done in <a href=#tree-order id=processing-model-4:tree-order>tree order</a>, since all
+  but the first row references the <a href=#autofill-field-name id=processing-model-4:autofill-field-name-21>autofill field name</a> of earlier elements. When the
+  descriptions below refer to form controls being preceded or followed by others, they mean in the
+  list of <span>listed elements</span> that share the same <a href=#form-owner id=processing-model-4:form-owner-5>form owner</a>.</p>
+
+  <table><thead><tr><th>Form control
+     <th>New <a href=#autofill-field-name id=processing-model-4:autofill-field-name-22>autofill field name</a>
+
+   <tbody><tr><td>
+
+      an <code id=processing-model-4:the-input-element-5><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-2><a href=#attr-input-type>type</a></code> attribute is in
+      the <a href="#text-(type=text)-state-and-search-state-(type=search)" id="processing-model-4:text-(type=text)-state-and-search-state-(type=search)">Text</a> state that is followed by an
+      <code id=processing-model-4:the-input-element-6><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-3><a href=#attr-input-type>type</a></code> attribute is in
+      the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)">Password</a> state
+
+     <td>
+
+      "<code id=processing-model-4:attr-fe-autocomplete-username-2><a href=#attr-fe-autocomplete-username>username</a></code>"
+
+
+    <tr><td>
+
+      an <code id=processing-model-4:the-input-element-7><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-4><a href=#attr-input-type>type</a></code> attribute is in
+      the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-2">Password</a> state that is preceded by an
+      <code id=processing-model-4:the-input-element-8><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-23>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-username-3><a href=#attr-fe-autocomplete-username>username</a></code>"
+
+     <td>
+
+      "<code id=processing-model-4:attr-fe-autocomplete-current-password-2><a href=#attr-fe-autocomplete-current-password>current-password</a></code>"
+
+
+    <tr><td>
+
+      an <code id=processing-model-4:the-input-element-9><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-5><a href=#attr-input-type>type</a></code> attribute is in
+      the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-3">Password</a> state that is preceded by an
+      <code id=processing-model-4:the-input-element-10><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-24>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-current-password-3><a href=#attr-fe-autocomplete-current-password>current-password</a></code>"
+
+     <td>
+
+      "<code id=processing-model-4:attr-fe-autocomplete-new-password-2><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"
+
+
+    <tr><td>
+
+      an <code id=processing-model-4:the-input-element-11><a href=#the-input-element>input</a></code> element whose <code id=processing-model-4:attr-input-type-6><a href=#attr-input-type>type</a></code> attribute is in
+      the <a href="#password-state-(type=password)" id="processing-model-4:password-state-(type=password)-4">Password</a> state that is preceded by an
+      <code id=processing-model-4:the-input-element-12><a href=#the-input-element>input</a></code> element whose <a href=#autofill-field-name id=processing-model-4:autofill-field-name-25>autofill field name</a> is "<code id=processing-model-4:attr-fe-autocomplete-new-password-3><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"
+
+     <td>
+
+      "<code id=processing-model-4:attr-fe-autocomplete-new-password-4><a href=#attr-fe-autocomplete-new-password>new-password</a></code>"
+
+
+  </table>
+
   <p>The <dfn id=dom-fe-autocomplete><code>autocomplete</code></dfn> IDL attribute, on getting,
   must return the element's <a href=#idl-exposed-autofill-value id=processing-model-4:idl-exposed-autofill-value-5>IDL-exposed autofill value</a>, and on setting, must
   <a href=#reflect id=processing-model-4:reflect>reflect</a> the content attribute of the same name.</p>
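
Review bot: The table rows use "followed by" and "preceded by" without saying whether the other control must be adjacent, and rows 2 to 4 give no precedence when more than one of them matches. In a form with a text field followed by two password fields, the second password field is preceded by both a "username" control and a "current-password" control, so rows 2 and 3 both apply and the text does not say which wins. Suggest "immediately preceded by" and "immediately followed by", or an explicit rule that the last matching row applies. Even with that reading, a registration form (text field, password, confirmation) gets "current-password" on its first password field although both fields hold a new password; worth stating whether that is intended.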

Modified: source
===================================================================
--- source	2014-09-19 19:21:24 UTC (rev 8793)
+++ source	2014-09-19 21:16:22 UTC (rev 8794)
@@ -53394,12 +53394,86 @@
   to change it from "<code data-x="attr-fe-autocomplete-off">off</code>" to "<code
   data-x="attr-fe-autocomplete-on">on</code>" to allow values to be remembered and prefilled despite
   the page author's objections, or to always "<code data-x="attr-fe-autocomplete-off">off</code>",
-  never remembering values. However, user agents should not allow users to trivially override the
-  <span>autofill field name</span> from "<code data-x="attr-fe-autocomplete-off">off</code>" to
-  "<code data-x="attr-fe-autocomplete-on">on</code>" or other values, as there are significant
-  security implications for the user if all values are always remembered, regardless of the site's
-  preferences.</p>
+  never remembering values.</p>
 
+  <p>More specifically, user agents may in particular consider replacing the <span>autofill field
+  name</span> of form controls that match the description given in the first column of the following
+  table, when their <span>autofill field name</span> is either "<code
+  data-x="attr-fe-autocomplete-on">on</code>" or "<code
+  data-x="attr-fe-autocomplete-off">off</code>", with the value given in the second cell of that
+  row. If this table is used, the replacements must be done in <span>tree order</span>, since all
+  but the first row references the <span>autofill field name</span> of earlier elements. When the
+  descriptions below refer to form controls being preceded or followed by others, they mean in the
+  list of <span>listed elements</span> that share the same <span>form owner</span>.</p>
+
+  <table>
+
+   <thead>
+    <tr>
+     <th>Form control
+     <th>New <span>autofill field name</span>
+
+   <tbody>
+
+
+    <tr>
+
+     <td>
+
+      an <code>input</code> element whose <code data-x="attr-input-type">type</code> attribute is in
+      the <span data-x="attr-input-type-text">Text</span> state that is followed by an
+      <code>input</code> element whose <code data-x="attr-input-type">type</code> attribute is in
+      the <span data-x="attr-input-type-password">Password</span> state
+
+     <td>
+
+      "<code data-x="attr-fe-autocomplete-username">username</code>"
+
+
+    <tr>
+
+     <td>
+
+      an <code>input</code> element whose <code data-x="attr-input-type">type</code> attribute is in
+      the <span data-x="attr-input-type-password">Password</span> state that is preceded by an
+      <code>input</code> element whose <span>autofill field name</span> is "<code
+      data-x="attr-fe-autocomplete-username">username</code>"
+
+     <td>
+
+      "<code data-x="attr-fe-autocomplete-current-password">current-password</code>"
+
+
+    <tr>
+
+     <td>
+
+      an <code>input</code> element whose <code data-x="attr-input-type">type</code> attribute is in
+      the <span data-x="attr-input-type-password">Password</span> state that is preceded by an
+      <code>input</code> element whose <span>autofill field name</span> is "<code
+      data-x="attr-fe-autocomplete-current-password">current-password</code>"
+
+     <td>
+
+      "<code data-x="attr-fe-autocomplete-new-password">new-password</code>"
+
+
+    <tr>
+
+     <td>
+
+      an <code>input</code> element whose <code data-x="attr-input-type">type</code> attribute is in
+      the <span data-x="attr-input-type-password">Password</span> state that is preceded by an
+      <code>input</code> element whose <span>autofill field name</span> is "<code
+      data-x="attr-fe-autocomplete-new-password">new-password</code>"
+
+     <td>
+
+      "<code data-x="attr-fe-autocomplete-new-password">new-password</code>"
+
+
+  </table>
+
   <p>The <dfn><code data-x="dom-fe-autocomplete">autocomplete</code></dfn> IDL attribute, on getting,
   must return the element's <span>IDL-exposed autofill value</span>, and on setting, must
   <span>reflect</span> the content attribute of the same name.</p>
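
Review bot: The sentence removed at the top of this hunk was the part of this paragraph that told user agents not to let users trivially override "off", citing "significant security implications for the user if all values are always remembered", and the table that replaces it only covers username and password controls. Suggest keeping a narrowed form of that caveat for controls the table does not match, so the relaxation stays limited to credentials as the log message ("Encourage password saving") describes. Minor wording in the added paragraph: "all but the first row references" should read "reference", and "More specifically ... may in particular consider" says the same thing twice.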


