25449 – Should we have a "masked" mode here?

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 25449 - Should we have a "masked" mode here?

Summary: Should we have a "masked" mode here?

Status:	RESOLVED WONTFIX

Alias:	None

Product:	WHATWG
Classification:	Unclassified
Component:	HTML (show other bugs)
Version:	unspecified
Hardware:	Other other

Importance:	P3 normal
Target Milestone:	Unsorted
Assignee:	Ian 'Hixie' Hickson
QA Contact:	contributor

URL:	http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-04-24 23:04 UTC by contributor
Modified:	2014-06-12 18:13 UTC (History)
CC List:	3 users (show)

See Also:

Attachments

Description contributor 2014-04-24 23:04:01 UTC

Specification: http://www.whatwg.org/specs/web-apps/current-work/multipage/association-of-controls-and-forms.html
Multipage: http://www.whatwg.org/C#input-modalities:-the-inputmode-attribute
Complete: http://www.whatwg.org/c#input-modalities:-the-inputmode-attribute
Referrer: 

Comment:
Should we have a "masked" mode here?

Posted from: 103.21.126.78
User agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36

Comment 1 Manish Goregaokar 2014-04-24 23:07:18 UTC

See https://bugzilla.mozilla.org/show_bug.cgi?id=956906#c68

Since all major browsers now do not allow autocomplete=off on password fields, a small use case is left behind: when the website owner wishes to mask the typed characters (as a password box does), but does not want it to go through the password manager, i.e., the saved value is *not* a password.

In such a case, `inputmode=masked` would be useful to tell the browser "please mask this input, but do not treat it as a password"

Comment 2 Ian 'Hixie' Hickson 2014-04-28 23:26:54 UTC

Do you have an example?

Comment 3 Ian 'Hixie' Hickson 2014-05-05 23:41:06 UTC

ping manishearth@gmail.com

Comment 4 Manish Goregaokar 2014-05-05 23:48:02 UTC

(In reply to Ian 'Hixie' Hickson from comment #3)
> ping manishearth@gmail.com

Sorry, thought I replied to this.

No, I don't have an example -- the use case just came to mind whilst having the autocomplete discussion, and it seemed like something that would be nice to have.

Comment 5 Ian 'Hixie' Hickson 2014-05-06 18:28:43 UTC

Ah, ok.

If there's no compelling use case, I'd rather not add the feature. The browser vendors have enough on their plate already.

Comment 6 Ian 'Hixie' Hickson 2014-06-12 18:13:35 UTC

Marking WONTFIX per comment 5. If a specific use case does come up, please don't hesitate to reopen the bug.

I think the right solution isn't so much inputmode=masked, though, as returning to autocomplete=off, but with the browsers being a bit more moderate when deciding to ignore it (e.g. only deciding to ignore it if there's also a username field in the form, or some such).

But either way, we'd have to be clear on why it would be bad for the UA to remember the value, even in the non-password case.