Comments on: Form Security with Autocomplete http://www.csskarma.com/blog/autocomplete-off/ display your <style> Mon, 12 Jul 2010 04:09:54 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Joe Devon http://www.csskarma.com/blog/autocomplete-off/comment-page-1/#comment-60455 Joe Devon Tue, 12 May 2009 01:48:56 +0000 http://www.csskarma.com/blog/?p=480#comment-60455 Sweet! Sweet!

]]> By: Mauro Accornero http://www.csskarma.com/blog/autocomplete-off/comment-page-1/#comment-56868 Mauro Accornero Tue, 21 Apr 2009 09:28:05 +0000 http://www.csskarma.com/blog/?p=480#comment-56868 Nice trick, I like the solution with noscript. Nice trick, I like the solution with noscript.

]]> By: Chris http://www.csskarma.com/blog/autocomplete-off/comment-page-1/#comment-54549 Chris Fri, 10 Apr 2009 21:52:12 +0000 http://www.csskarma.com/blog/?p=480#comment-54549 Nice. Thanks for the code. Nice. Thanks for the code.

]]> By: Tim http://www.csskarma.com/blog/autocomplete-off/comment-page-1/#comment-54507 Tim Fri, 10 Apr 2009 18:00:59 +0000 http://www.csskarma.com/blog/?p=480#comment-54507 yea, that's true that <em>you</em> might do it that way, but most people aren't aware of that and let this data get saved and easily accessed. Most people aren't even aware they have options in the browser. Being responsible developers, we should look out for our users and take the extra 10 seconds to add something like this in. yea, that’s true that you might do it that way, but most people aren’t aware of that and let this data get saved and easily accessed. Most people aren’t even aware they have options in the browser.

Being responsible developers, we should look out for our users and take the extra 10 seconds to add something like this in.

]]> By: Jason http://www.csskarma.com/blog/autocomplete-off/comment-page-1/#comment-54505 Jason Fri, 10 Apr 2009 17:53:56 +0000 http://www.csskarma.com/blog/?p=480#comment-54505 I don't understand the point of this. Autocomplete is handled by the browser. The data is kept client-side. The user agent is able to do 2 things that make this technique moot. 1) You could omit @autocomplete=off and the browser (or extensions) could ignore that command and not remember the data. 2) You could utilize @autocomplete=off and the user agent agent could ignore that command and remember the data anyway. No matter whether you use @autocomplete or not the user agent (or extensions thereof) can ignore your request and do its own thing. Further the user agent behavior is configurable by the end user with their browser/extension settings. As an end user, if I'm worried about my browser remembering my data, then I won't leave it up to the site owner and hope they use @autocomplete=off. I'll configure my browser to not remember the data! I don’t understand the point of this. Autocomplete is handled by the browser. The data is kept client-side. The user agent is able to do 2 things that make this technique moot. 1) You could omit @autocomplete=off and the browser (or extensions) could ignore that command and not remember the data. 2) You could utilize @autocomplete=off and the user agent agent could ignore that command and remember the data anyway. No matter whether you use @autocomplete or not the user agent (or extensions thereof) can ignore your request and do its own thing. Further the user agent behavior is configurable by the end user with their browser/extension settings. As an end user, if I’m worried about my browser remembering my data, then I won’t leave it up to the site owner and hope they use @autocomplete=off. I’ll configure my browser to not remember the data!

]]> By: Tim http://www.csskarma.com/blog/autocomplete-off/comment-page-1/#comment-54504 Tim Fri, 10 Apr 2009 17:51:05 +0000 http://www.csskarma.com/blog/?p=480#comment-54504 Some folks are required to have valid code, for whatever reason. For those people I'd recommend the JS solution, for everyone else, just code it right in the field. I agree, it's not worth using JS in this situation but it's nice to be aware of the option. A similar technique is used for adding in ARIA code for accessibility (using JS to keep the xhtml valid). Some folks are required to have valid code, for whatever reason. For those people I’d recommend the JS solution, for everyone else, just code it right in the field. I agree, it’s not worth using JS in this situation but it’s nice to be aware of the option.

A similar technique is used for adding in ARIA code for accessibility (using JS to keep the xhtml valid).

]]> By: Simon Sigurdhsson http://www.csskarma.com/blog/autocomplete-off/comment-page-1/#comment-54503 Simon Sigurdhsson Fri, 10 Apr 2009 17:44:56 +0000 http://www.csskarma.com/blog/?p=480#comment-54503 Innovative solution. I still feel that adding security features using JS is dumb. You still have to use the noscript tag and in that you still have invalid XHTML, so why bother in the first place? Innovative solution. I still feel that adding security features using JS is dumb. You still have to use the noscript tag and in that you still have invalid XHTML, so why bother in the first place?

]]> By: Rich http://www.csskarma.com/blog/autocomplete-off/comment-page-1/#comment-54489 Rich Fri, 10 Apr 2009 16:47:39 +0000 http://www.csskarma.com/blog/?p=480#comment-54489 php can't check for javascript as it's server not clientside. Noscript is the way to do this. php can’t check for javascript as it’s server not clientside. Noscript is the way to do this.

]]>