HTML and CSS Reference
In-Depth Information
Discussion
The
autocomplete
attribute was introduced by Microsoft Internet Explorer in 1999 and
was adopted by other browsers, although it was not part of any previous HTML or
XHTML specification.
By default,
autocomplete
is enabled (
on
) for all form fields. You may currently rely on
your browser's ability to remember your passwords and autocomplete functionality to
log in to many of the websites you visit. If, however, you specify a value of
off
for this
attribute, you will disable this functionality.
In addition to disabling
autocomplete
at the individual input field level, you can also
disable it at the form level. If you disable
autocomplete
at the form level, you can
re-enable it for an individual form field by setting
autocomplete="on"
.
While many security experts suggest applying
autocomplete="off"
to form fields that
contain sensitive data, you should keep in mind that this is
not
a particularly effective
security measure. Some browsers do not yet support
autocomplete
, and since so many
tools exist to circumvent
autocomplete="off"
—tools that still auto-inject a user's stored
password—it's often security theater or simply a false security measure.
Those browsers that do not support
autocomplete
simply ignore the attribute
altogether.
For a browser support reference on
autocomplete
, see
Table 3-11
.
Table 3-11. Browser support for the autocomplete attribute
IE
Firefox
Chrome
Safari
Opera
iOS
Android
Yes*
4+
Yes*
Yes*
10.0+
Yes*
Yes*
In
Table 3-11
, “Yes” indicates that the browser has implemented
auto
complete
in a pre-HTML5, nonstandard way. Use Mike Taylor's input
and attribute support page at
http://www.miketaylr.com/code/input-type
-attr.html
to determine when a browser has implemented it per the
HTML5 standard.
See Also
plete
.
