[Owasp-egypt] Autocomplete='off' Phasing Out
mohabali at live.com
Wed Oct 15 06:43:01 UTC 2014
Another idea i have is to use textarea for the username instead of the input tag.
Wrote a little demo that should match the same look as input fields http://jsfiddle.net/51vkoj8p/
From: a.m.saafan at gmail.com
Date: Sun, 12 Oct 2014 09:26:45 +0200
To: owasp-egypt at lists.owasp.org
Subject: [Owasp-egypt] Autocomplete='off' Phasing Out
Now that autcomplete='off' HTML attribute is being phased out   , I found people using some workarounds:
Split username and password to separate pages:
This is the more elegant solution, adopted by security conscious websites. It
relies on the fact that browser autocomplete cannot catch username from one
page and password from another (with validation at the end).
Move username and password values to hidden
a script removes the values from the viewable form fields and move them to
hidden form fields. So the browser will not try to cache the displayed fields
because they are empty, and by default it will not cache the hidden fields.
Thoughts? Other suggestions?
Owasp-egypt mailing list
Owasp-egypt at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-egypt