HTML and CSS Reference
In-Depth Information
Discussion
The autocomplete attribute was introduced by Microsoft Internet Explorer in 1999 and
was adopted by other browsers, although it was not part of any previous HTML or
XHTML specification.
By default, autocomplete is enabled ( on ) for all form fields. You may currently rely on
your browser's ability to remember your passwords and autocomplete functionality to
log in to many of the websites you visit. If, however, you specify a value of off for this
attribute, you will disable this functionality.
In addition to disabling autocomplete at the individual input field level, you can also
disable it at the form level. If you disable autocomplete at the form level, you can
re-enable it for an individual form field by setting autocomplete="on" .
While many security experts suggest applying autocomplete="off" to form fields that
contain sensitive data, you should keep in mind that this is not a particularly effective
security measure. Some browsers do not yet support autocomplete , and since so many
tools exist to circumvent autocomplete="off" —tools that still auto-inject a user's stored
password—it's often security theater or simply a false security measure.
Those browsers that do not support autocomplete simply ignore the attribute
altogether.
For a browser support reference on autocomplete , see Table 3-11 .
Table 3-11. Browser support for the autocomplete attribute
IE
Firefox
Chrome
Safari
Opera
iOS
Android
Yes*
4+
Yes*
Yes*
10.0+
Yes*
Yes*
In Table 3-11 , “Yes” indicates that the browser has implemented auto
complete in a pre-HTML5, nonstandard way. Use Mike Taylor's input
and attribute support page at http://www.miketaylr.com/code/input-type
-attr.html to determine when a browser has implemented it per the
HTML5 standard.
See Also
The autocomplete attribute in the WHATWG HTML specification at http://www
.whatwg.org/specs/web-apps/current-work/multipage/forms.html#attr-form-autocom
plete .
 
Search WWH ::




Custom Search