2

I have a website where I have some functionality needed:

  • No autocompletion, suggestions or saving on my site:

    • No form Fields should ever be auto-completed or have drop Down suggestions based on earlier input
    • No form data (entries) should be saved/cached in the browser

  • Prevent "spilling" to other sites:

    • When visiting other websites, data from my site should not appear as suggestions in the forms (ref 1b).

Up until now I have accomplished this by using autocomplete = "off" on all forms. Based on this link from Mozilla this should originally have the effect of solving all the issues above, but some browsers are now starting to ignore the autocomplete attribute. The article referred to above states that the trick is to assign an invalid value to the attribute, such as autcomplete = "nope"

My questions are:

Q1: Will the solution of using autocomplete = "nope" also prevent caching/saving the data?

Q2: Are there better solutions to accomplish my criteria for best cross-browser compatibility? (I have searched, but not found anything that gives me Clear answers).

chintuyadavsara
  • 1,509
  • 1
  • 12
  • 23
Bergkamp10
  • 265
  • 2
  • 10

1 Answers1

1

The best solution is as you mentioned to put an invalid value as shown here.

In some cases, the browser will continue suggesting autocompletion values even if the autocomplete attribute is set to off. This unexpected behavior can be quite puzzling for developers. The trick to really enforcing non-autocompletion is to assign an invalid value to the attribute, for example:

autocomplete="nope"

Since this value is not a valid one for the autocomplete attribute, the browser has no way to match it, and stops trying to autocomplete the field.

Your data or cache wouldn't be affected by this and depending on what your form is built in, the data would only be saved via the form action or function handlers on the inputs.

Alternatively, I have found autocomplete= 'new-password' on the input to be reliable, however the above example on the form wrapper requires much less work than adding to every input

Darren
  • 2,176
  • 9
  • 42
  • 98
  • Thanks. The form is built using regular php post Method (no Ajax). Will any data from the input then be saved in the browser / locally when using autocomplete = "nope" ? – Bergkamp10 Oct 26 '18 at 12:20
  • This link (https://cloudfour.com/thinks/autofill-what-web-devs-should-know-but-dont/) is a great read on the topic. To ensure that no data is saved by the browser, you could make the `input` `name` obscure. For example, the `input` for Phone, could have a name of `53007478` as a random string, rather than `phone`. Therefore even if the data is stored by the browser, the browser will have a hard time matching the value elsewhere. More details can be found in this answer (https://stackoverflow.com/questions/7223168/how-to-trigger-autofill-in-google-chrome/9795126#9795126) – Darren Oct 26 '18 at 13:03