Re: html and password management

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, May 26, 2009 at 4:36 PM, Michael A. Peters <mpeters@xxxxxxx> wrote:
> kranthi wrote:
>>
>> seems more of a firefox question than a PHP question...
>>
>> just replace <form id="formemail" method="post" action="UserPrefs">
>> with <form id="formemail" method="post" action="UserPrefs"
>> autocomplete="off">
>>
>> https://developer.mozilla.org/en/How_to_Turn_Off_form_Autocompletion
>>
>
> Thanks!
>
> I found that for xhtml I had to use following DOCTYPE to get it to validate:
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
> "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"; [
> <!ATTLIST form autocomplete CDATA #IMPLIED>
> ]>
>
> From what I gather though did not try, sent with improper text/html mime
> type, browsers add a bogus ]> to top of output, declaring an ATTLIST should
> only be done if sent as application/xhtml+xml
>
> I still have to check and see how opera reacts to that (IE gets html version
> of my pages so it won't get that anyway, I can't test safari)
>
> html won't validate with that attribute, but that's OK I guess.
> Maybe it will in html 5 (I don't know) but that's not even stable yet.
>
> I'd prefer it to be at the input level rather than form level, the problem
> (and I think it is a firefox bug) is that it assumes an input before a
> password the same form as a password is a login name.
>
> I *might* actually be able to just move the password field above the e-mail
> change and fix it.
>
> But the autocomplete='off' is very useful to me for another form where users
> add GPS coordinates, which are from within shasta county and thus all very
> close, unless the records are for identical coordinates they'll never be the
> same and if they are identical, using the autocomplete feature risks a
> mistake of selecting the wrong one thus resulting in bogus data.
>


I just thought I'd toss this out there. Do you know that there is an
effort to remove browser support this attribute (or at least give the
user a browser configuration option to ignore it)?

http://article.gmane.org/gmane.org.w3c.whatwg.discuss/3054

This article discusses some of the issues involved.
https://wiki.mozilla.org/The_autocomplete_attribute_and_web_documents_using_XHTML


The discussion is primarily centered around banks using it to prevent
browsers from remembering your login credentials for their web sites,
and the idea that the user should ultimately remain in control of the
browser and that a website should not be able to assert control
against the user's wishes (in this case by preventing the user from
using the form manager or password manager to store the information).


Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux