Don't confuse "autocomplete" (of a single field) with "autofill" (of multiple fields in a form). I have not seen any implementations of "autocomplete" that will automatically fill in single fields without interaction, or fill in hidden fields. This feature has been around a lot longer than 5 years; 20 maybe, 15 for sure. Adding autocomplete hints shouldn't be harmful in this use, and by giving browsers hints it should help users get more consistently useful data. Password managers are an old form of "autofill" and in some implementations will fill in hidden fields or fill without user interaction. This is dangerous, but autocomplete hints won't make the problem worse. More recently browsers started supporting a more explicitly acknowledged form "autofill" that do take advantage of the autocomplete hints. I haven't yet seen any that will fill forms without user interaction, but several will go ahead and fill hidden fields if the user chooses to fill the form. This is the source of the privacy worries you mention. Current autofill implementations seem to be based around name-and-address type information but it wouldn't be hard to imagine them expanding to incorporate data for more of the standardized HTML5 autocomplete hints in the future. The problematic user-interaction exists and needs to be mitigated whether you recommend the use of the autocomplete attributes or not. -Dan Veditz
Received on Sunday, 26 November 2017 01:09:37 UTC