Hello,
does anybody know how to turn off the autocomplete feature for a certain
text field?
I am aware of the "autocomple te" attribute, but I have seen other
implementions achieving it without any such attribute and am wondering
whether there is another way to do it .... like via CSS or a naming
convention or .......
Thanks,
Alex
Jul 23 '05
40  10904 
Previously in comp.infosystem s. www.authoring.html, Alex <no*@for.spam >
said: Pardon?
Your question was:
does anybody know how to turn off the autocomplete feature for a certain
text field?
The answer of course, which Michael gave you, is yes. Someone knows.
Michael decided to try and guess your response to that answer. His guess
was that your next question would be, "Who?"
So his answer was, "the browser programmers".
IOW, the answer is the same as everyone else has already given you - it
is not, and should not be, in your control as the author. It is up to
the browser manufacturers (whether to implement autocomplete in the
first place), and the end user (whether to disable it in the browser/use
a browser that doesn't support it, etc).
Well, there are implementions which accomplish it.
In some browsers, under certain circumstances, in the right light,
maybe.
--
Mark Parnell http://www.clarkecomputers.com.au
Previously in comp.infosystem s. www.authoring.html, Alex <no*@for.spam >
said: A newsgroup is always also a kind of helpdesk.
Who told you that rubbish? There are a handful of newsgroups that also
function as helpdesks - generally these are the ones with "helpdesk" in
the name of the group, e.g. news://24hoursupport.helpdesk. All others
exist purely for discussion on a given topic. As was pointed out in the
quote that David posted, any answers to your question are incidental to
the discussion.
I will pay you exactly nothing.
Then you get what you paid for. HTH. HAND.
--
Mark Parnell http://www.clarkecomputers.com.au
Mark Parnell wrote:
[...]
IOW, the answer is the same as everyone else has already given you - it
is not, and should not be, in your control as the author.
That may be your opinion, but the question was whether there is a way
of disabling auto complete other than the autocomplete attribute. Not
one single reply (other than my own) has addressed the actual
question.
It is up to
the browser manufacturers (whether to implement autocomplete in the
first place), and the end user (whether to disable it in the browser/use
a browser that doesn't support it, etc).
Your opinion on the autocomplete attribute is irrelevant since the
original question was how to disable auto complete *other than* using
the autocomplete attribute.
Well, there are implementions which accomplish it.
In some browsers, under certain circumstances, in the right light,
maybe.
No, there are implementations that prevent auto complete from working
absolutely reliably in every case:
1. Use Flash forms and not HTML (requires Flash plugin)
2. Do not use names or labels on inputs (requires JavaScript support)
3. Assign random strings to input names so that they are not
recognised by the browser (requires HTML only)
4. Use HTTPS (less reliable but still pretty good).
No doubt there are other methods.
If a site that prevents auto complete from working annoys you enough
that you don't use it, then that is your choice as it was theirs to
prevent certain browser behaviour, even while maintaining full
compliance with the HTML 4.01 specification (which does not mention
"autocomple te" at all).
--
Zif
Zifud wrote: Lachlan Hunt wrote:
Yes, but it is not the only way to prevent a user agent from
remembering user input. Let's say I add a randomly generated 8
character string to my input field names. Your browser won't
recognize the field, how will it auto fill it?
You basing that assumption on the way existing autocomplete features
work. There is nothing *preventing* the user agent remembering the
values except the limitations of the implementations . There is
certainly nothing in the markup doing so.
However, *what right do you have to take over my system and decide
when I want to let my browser remember my passwords and other form
values*???
Rights? What is this, life and death?
No, it's not life and death, it's about the right to make choices
yourself, without anyone else interfering.
Get a grip! The page author can defeat any browser attempt at remembering
form values - what if they don't use HTML forms at all? Or generate random input names?
Or don't assign any name or label to the input and use JavaScript to
populate hidden fields before submission?
Sorry, autocomplete is a nice add-on, but it is utterly unreliable
and certainly not some inalienable 'right'.
It is the right of the user to make use of the features in their user agent.
Luckily there are ways for a user to override this attribute in *some*
browsers, though it's not easy and it's something the user shouldn't
even have to do.
So now you assume to know the requirements of all users?
No. If you think that, then you've totally misunderstood the issue.
The point is that it should be the *user's* choice in the end, not the
author's, and user's that want to make the choice should be able to do
so easily.
See this recent thread [1] in the WHAT-WG mailing list that explains
why this attribute cannot be used, why browsers support it, why
authors should not use it, why there is an attempt to standardise it
and, most importantly, *why you must not use this attribute*!
[1]
http://listserver.dreamhost.com/pipe...read.html#3183
That thread contains a rather lop-sided series of comments regarding
the support that the WHAT Working Group specification should give to
the autocomplete attribute. There is no discussion of any of the
points you raise, least of all why it "cannot" or "must not" be used.
All the points are addressed either directly in the thread or there are
references to places that contain the explanation. Here's a very brief
summary.
Why browser's support it:
To meet the needs of some ignorant banking organisations that believe
it increases the security of their web pages.
Why it's being standardised:
Because specifications should document what browsers should support.
Why authors can not, should not and must not use it:
Because it is a user-hostile act to disable a user's user agent
feature designed to increase the usability of web sites for the user.
Indeed, if it were the view of that group that autocomplete can't or
mustn't be used, why is the outcome of the discussion that it
continue to be part of the specification?
Ignorance. I never said it was the view of the group, only that it
should not be used for the many reasons discussed in it.
--
Lachlan Hunt http://lachy.id.au/ http://GetFirefox.com/ Rediscover the Web http://GetThunderbird.com/ Reclaim your Inbox
Previously in comp.infosystem s. www.authoring.html, Zifud
<Zi***@hotmail. com> said: That may be your opinion, but the question was whether there is a way
of disabling auto complete other than the autocomplete attribute. Not
one single reply (other than my own) has addressed the actual
question.
See the part of my reply you snipped, or Michael's post,
42************* *********@news. zen.co.uk - both answered the OP's exact
question. Perhaps it was not quite the question he/she wanted answered,
but it's the question that was asked.
Your opinion on the autocomplete attribute is irrelevant since the
original question was how to disable auto complete *other than* using
the autocomplete attribute.
I never mentioned the autocomplete attribute. I was talking about
autocomplete as a behaviour in general, not the one attribute (which, as
you rightly note, is non-standard anyway).
1. Use Flash forms and not HTML (requires Flash plugin)
2. Do not use names or labels on inputs (requires JavaScript support)
Well, removing form functionality is one way of preventing autocomplete,
but it's a bit drastic IMHO.
3. Assign random strings to input names so that they are not
recognised by the browser (requires HTML only)
4. Use HTTPS (less reliable but still pretty good).
My browser allows me to autocomplete form data in either of those
situations (and possibly the first 2 - I haven't tested).
--
Mark Parnell http://www.clarkecomputers.com.au
Mark Parnell wrote: Previously in comp.infosystem s.www.authoring.html, Zifud
<Zi***@hotmail. com> said:
That may be your opinion, but the question was whether there is a way
of disabling auto complete other than the autocomplete attribute. Not
one single reply (other than my own) has addressed the actual
question.
See the part of my reply you snipped, or Michael's post,
42************* *********@news. zen.co.uk - both answered the OP's exact
question. Perhaps it was not quite the question he/she wanted answered,
but it's the question that was asked.
Your opinion on the autocomplete attribute is irrelevant since the
original question was how to disable auto complete *other than* using
the autocomplete attribute.
I never mentioned the autocomplete attribute. I was talking about
autocomplete as a behaviour in general, not the one attribute (which, as
you rightly note, is non-standard anyway).
1. Use Flash forms and not HTML (requires Flash plugin)
2. Do not use names or labels on inputs (requires JavaScript support)
Well, removing form functionality is one way of preventing autocomplete,
but it's a bit drastic IMHO.
3. Assign random strings to input names so that they are not
recognised by the browser (requires HTML only)
4. Use HTTPS (less reliable but still pretty good).
My browser allows me to autocomplete form data in either of those
situations (and possibly the first 2 - I haven't tested).
--
Zif
Lachlan Hunt wrote: Zifud wrote:
Lachlan Hunt wrote:
Yes, but it is not the only way to prevent a user agent from
remembering user input. Let's say I add a randomly generated 8
character string to my input field names. Your browser won't
recognize the field, how will it auto fill it?
You basing that assumption on the way existing autocomplete features
work.
Should I base them on how future implementations may work, or should
I stick with reality?
There is nothing *preventing* the user agent remembering the values except the limitations of the implementations . There is
certainly nothing in the markup doing so.
? Remembering individual values is only half the problem, it's
automatically associating certain values with particular fields on
individual web sites, like user id, password, etc. that is the
problem. It becomes an absolute no-brainer to hack into someones
bank account if the fields are filled in for you!
And if the site chooses to protect itself by preventing such automatic
field filling, who are you to say they can't?
However, *what right do you have to take over my system and
decide when I want to let my browser remember my passwords and other
form values*???
Rights? What is this, life and death?
No, it's not life and death, it's about the right to make choices
yourself, without anyone else interfering.
But you choose to dictate to site authors the features they can and
can't use on their site.
Get a grip! The page author can defeat any browser attempt at
remembering
form values - what if they don't use HTML forms at all? Or generate
random input names?
Or don't assign any name or label to the input and use JavaScript to
populate hidden fields before submission?
Sorry, autocomplete is a nice add-on, but it is utterly unreliable
and certainly not some inalienable 'right'.
It is the right of the user to make use of the features in their user
agent.
And the 'right' of every author to use the features provided by the
specification. Autocomplete (feature or attribute) is not part of
the HTML spec, and it can be easily defeated with perfectly valid
markup.
So where does that leave the respective party's 'rights'?
Luckily there are ways for a user to override this attribute in
*some* browsers, though it's not easy and it's something the user
shouldn't even have to do.
So now you assume to know the requirements of all users?
No. If you think that, then you've totally misunderstood the issue. The
point is that it should be the *user's* choice in the end, not the
author's, and user's that want to make the choice should be able to do
so easily.
No, the point is that users have the ability to use auto complete,
authors have the ability to make it useless. I don't see that will
ever change.
See this recent thread [1] in the WHAT-WG mailing list that explains
why this attribute cannot be used, why browsers support it, why
authors should not use it, why there is an attempt to standardise it
and, most importantly, *why you must not use this attribute*!
[1]
http://listserver.dreamhost.com/pipe...read.html#3183
That thread contains a rather lop-sided series of comments regarding
the support that the WHAT Working Group specification should give to
the autocomplete attribute. There is no discussion of any of the
points you raise, least of all why it "cannot" or "must not" be used.
All the points are addressed either directly in the thread or there are
references to places that contain the explanation. Here's a very brief
summary.
Why browser's support it:
To meet the needs of some ignorant banking organisations that believe
it increases the security of their web pages.
That assertion is made without single reference or quote, which was
my point. And the sole reason offered is that particular users like
to use autocomplete and are offended if it doesn't work.
So what? Not one single pertinent argument was given as to why it
should be banned, other than "I want it".
The primary argument for preventing it is to ensure the users'
security, that the computer they are using can't remember what the
site believes is sensitive information.
Why it's being standardised:
Because specifications should document what browsers should support.
What? Standards are some kind of 'as-built' document? Whilst that
argument was offered, it simply doesn't stand up.
Why aren't the many other MS proprietary methods in standards? Just
about all browsers support innerHTML, but its chances of making
it into some future version of the DOM are remote at best.
Let's put this one to rest:
"...the most fundamental Web technologies must be compatible with
one another and allow any hardware and software used to access the
Web to work together. ... By publishing open (non-proprietary)
standards for Web languages and protocols, W3C seeks to avoid
market fragmentation and thus Web fragmentation.
"Tim Berners-Lee and others created W3C as an industry consortium
dedicated to building consensus around Web technologies."
<URL:http://www.w3.org/Consortium/>
In other words, standards exist to ensure interoperabilit y and
promote collaboration.
Browsers and standards are not in existence purely for user's
convenience - they exist as a platform for the web. If they don't
implement features required by web sites, then the sites will not
support them. If they don't support features wanted by users, then
users won't use them.
A browser author's dilemma is to walk the fine line between the two,
and a specification writer's job is to work out what features should
be in the standard and what shouldn't. The rationale for choosing one
particular feature may be totally different from that used to select
(or reject) another. No single player has absolute right of veto
over what any other player wants.
The attitude here seems to be that any attempt by a web site to
ensure user ID or password security is an attack on civil liberties.
Why authors can not, should not and must not use it:
Because it is a user-hostile act to disable a user's user agent
feature designed to increase the usability of web sites for the user.
Just wait for the day some suitably empowered user sues a site for
not ensuring the security of their user ID and password when the
tools were available to do it.
Any site that doesn't support my choice of browser and OS doesn't get
my business. I let them know my greivance in an e-mail, and once or
twice it has actaully resulted in changes to sites.
Indeed, if it were the view of that group that autocomplete can't or
mustn't be used, why is the outcome of the discussion that it
continue to be part of the specification?
Ignorance.
That group is ignorant? So why reference a bunch of ignoramuses?
I never said it was the view of the group, only that it should not be used for the many reasons discussed in it.
The only reason I saw was that some posters thought it was an attack
on their personal space if a page author dared interfere with a
feature of their browser. It can be just as easily answered that it
is the right of any site to disallow features they believe are
detrimental to their users security.
--
Zif
Mark Parnell wrote:
[...] See the part of my reply you snipped, or Michael's post,
42************* *********@news. zen.co.uk - both answered the OP's exact
question. Perhaps it was not quite the question he/she wanted answered,
but it's the question that was asked.
You answered the part of the question that had already been answered,
not the part that the OP still required to be answered.
No, it wasn't the answer required and the OP said so.
[...] 1. Use Flash forms and not HTML (requires Flash plugin)
2. Do not use names or labels on inputs (requires JavaScript support)
Well, removing form functionality is one way of preventing autocomplete,
but it's a bit drastic IMHO.
It achieves the OP's request - prevent auto complete without using
the autocomplete attribute.
Drastic? Maybe, but effective. :-x
3. Assign random strings to input names so that they are not
recognised by the browser (requires HTML only)
4. Use HTTPS (less reliable but still pretty good).
My browser allows me to autocomplete form data in either of those
situations (and possibly the first 2 - I haven't tested).
As noted, 4. is less reliable. But unless your browser provides a
list of every entry you've ever put into any form field, how will it
know that the field that was y76Km98 last time is now plOi98k? I can
encrypt every single field name & id based on a seed I generate at
the server and keep just for your current session and generate new
names & ids every time you refresh the page.
Drastic? Yes. CPU intensive at the server? Yes. But I defy any
browser to defeat it (and yes, I'd shuffle the position of elements
in the form). Of course, your browser can still guess at entries
using type-ahead, but the chances of anyone getting a user id or
password that way are greatly reduced.
As a last note, it is only worthwhile defeating auto complete on a
few sensitive fields. Is it really worth all this hassle just to
*reduce* security on obvious targets? How many large companies
allow a users PC to have the user ID and password auto-completed when
the user turns the machine on?
--
Zif
Zifud wrote: Mark Parnell wrote:
[...] See the part of my reply you snipped, or Michael's post,
You answered the part of the question that had already been answered,
not the part that the OP still required to be answered.
Required? On usenet? When did that start? ;)
s/required/desired/
--
Reply email address is a bottomless spam bucket.
Please reply to the group so everyone can share.
RobG wrote:
As far as I can tell - based on testing a couple of banking sites -
autocomplete does not 'work' in IE or Firefox if HTTPS is being used.
FYI, HTTPS autocomplete does work in FF, at least in the build I'm using.
--
Reply email address is a bottomless spam bucket.
Please reply to the group so everyone can share. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: bc |
last post by:
Hi,
Is it possible to detect if the IE autocomplete function in a current
context such as a textbox is activated (ie. dropdown with previously
entered info is visible)?
Problem:
I use a script as a basis for binding <enter> in textbox to a button,
BUT <enter> in the dropdown autocomplete generated by IE also triggers
this event.
The script is available below (in .NET context but the idea should
|
by: Thorsten Ottosen |
last post by:
Hi,
I'm using the AutoComplete attribute to control transactions.
What happens if I call functions with the AutoComplete attribute
from within other functions with the AutoComplete attribute?
For example
public class Foo
|
by: moondaddy |
last post by:
I have a form for entering a user's address and all fields have a required
validating control associated with them and the error msg for each field
displays right next to it. The normal behavior is that the error msg
doesn't show unit the use hits the submit button or the user enters data and
moves the focus to another control so the field becomes dirty. So far so
good. Now when the user goes back to that control and starts to input data...
|
by: Mrinal Kamboj |
last post by:
Hi ,
Need to get some basic info regarding AutoComplete Attribute in COM+ .
I am having a class with TransactionOption set to Required , now for
this class , can i mark all the methods with AutoComplete attribute ,
irrespective of the fact , whether i do implement Try .. Catch block or
not , as some of the methods are just meant for intermediary calculation
and are private , or i just need to mark one method that's public as...
|
by: thubba2000 |
last post by:
We have a web application developed using IBuySpy. In older versions,
Autocomplete on all web forms works. In our latest version, it stopped
working on all clients.
I have gone through all the groups and tried a bunch of things. Two
main areas I keep seeing are,
1. Browser Settings not set correctly.
2. Ability to turn off Autocomplete for a control and a form.
| | |
by: rbg.net |
last post by:
I know that there is a autocomplete property for the HTML "INPUT
type=text" control which if set to OFF, disables autocomplete of the
input textbox (doesn't remember previously entered values)
However there is no such corresponding property for the TEXTBOX ASP.NET
Webcontrol in ASP.NET 1.1.
I know that there is a AutoComplete Property in the TEXTBOX ASP.NET
WebControl in ASP.NET 2.0.
Thus I can use AutoComplete.Disabled property in...
|
by: nil |
last post by:
Hello all,
It's urgent...
i want to add autocomplete textbox facility in my application like
google. as you type it suggests option to the user..i want the same
kind of facility...i know i can do only with ajax(xml and javascript)
but i want to fetch possible values from database and want to show as
the user types in text box.
|
by: wkerplunk |
last post by:
Below is what I have build with several different languages. It works great but I need help, I am stuck.
When you click on an item in the dropdown autocomplete div it does a mousedown function and send the item number to the xmlHttp and works awesome. Now I need to add an apply button next to it. so they can type in the complete number then hit apply and it does the same function. I cant get it to work with the script I have. The image...
|
by: Doug |
last post by:
Hi
I have a simple form, just with one combo box and an OK button - and i have
tried to use the autocomplete routine and I have enabled autocomplete in the
combo box properties.
http://www.java2s.com/Code/CSharp/Components/UseanAutocompleteComboBox.htm
That is the link that I copied the code from - but the box doesnt
autocomplete and I dont know what i am doing wrong.
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
