Saturday, 25 August 2018

standards - Is there a W3C valid way to disable autocomplete in a HTML form?




When using the xhtml1-transitional.dtd doctype, collecting a credit card number with the following HTML






will flag a warning on the W3C validator:




there is no attribute "autocomplete".





Is there a W3C / standards way to disable browser auto-complete on sensitive fields in a form?


Answer



Here is a good article from the MDC which explains the problems (and solutions) to form autocompletion.
Microsoft has published something similar here, as well.



To be honest, if this is something important to your users, 'breaking' standards in this way seems appropriate. For example, Amazon uses the 'autocomplete' attribute quite a bit, and it seems to work well.



If you want to remove the warning entirely, you can use JavaScript to apply the attribute to browsers that support it (IE and Firefox are the important browsers) using someForm.setAttribute( "autocomplete", "off" ); someFormElm.setAttribute( "autocomplete", "off" );




Finally, if your site is using HTTPS, IE automatically turns off autocompletion (as do some other browsers, as far as I know).



Update



As this answer still gets quite a few upvotes, I just wanted to point out that in HTML5, you can use the 'autocomplete' attribute on your form element. See the documentation on W3C for it.


No comments:

Post a Comment

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print ...