Is there a W3C valid way to disable autocomplete in a HTML form

Question

When using the xhtml1-transitional dtd doctype  collecting a credit card number with the following HTML   lt input type  text  id  cardNumber  name  cardNumber  autocomplete  off   gt    will flag a warning on the W3C validator      there is no attribute  autocomplete     Is there a W3C   standards way to disable browser auto-complete on sensitive fields in a form

User · Answer

No  but browser auto-complete is often triggered by the field having the same name attribute as fields that were previously filled out  If you could rig up a clever way to have a randomized field name  autocomplete wouldn t be able to pull any previously entered values for the field   If you were to give an input field a name like  email  lt    randomNumber     gt    and then have the script that receives this data loop through the POST or GET variables looking for something matching the pattern  email  some number    you could pull this off  and this would have  practically  guaranteed success  regardless of browser

User · Answer

Here is a good article from the MDC which explains the problems  and solutions  to form autocompletion  Microsoft has published something similar here  as well   To be honest  if this is something important to your users   breaking  standards in this way seems appropriate  For example  Amazon uses the  autocomplete  attribute quite a bit  and it seems to work well   If you want to remove the warning entirely  you can use JavaScript to apply the attribute to browsers that support it  IE and Firefox are the important browsers  using someForm setAttribute   autocomplete    off     someFormElm setAttribute   autocomplete    off      Finally  if your site is using HTTPS  IE automatically turns off autocompletion  as do some other browsers  as far as I know    Update  As this answer still gets quite a few upvotes  I just wanted to point out that in HTML5  you can use the  autocomplete  attribute on your form element  See the documentation on W3C for it

User · Answer

No  a good article is here in Mozila Wiki   I would continue to use the invalid attribute  I think this is where pragmatism should win over validating

User · Answer

Another way - which will also help with security is to call the input box something different every time you display it  just like a captha   That way  the session can read the one-time only input and Auto-Complete has nothing to go on   Just a point regarding rmeador s question of whether you should be interfering with the browser experience   We develop Contact Management  amp  CRM systems  and when you are typing other people s data into a form you don t want it constantly suggesting your own details   This works for our needs  but then we have the luxury of telling users to get a decent browser    autocomplete  off

User · Answer

autocomplete  off  this should fix the issue for all modern browsers    lt form name  form1  id  form1  method  post  autocomplete  off     action  http   www example com form cgi  gt           lt  form gt    In current versions of Gecko browsers  the autocomplete attribute works perfectly  For earlier versions  going back to Netscape 6 2  it worked with the exception for forms with  Address  and  Name   Update  In some cases  the browser will keep suggesting autocompletion values even if the autocomplete attribute is set to off  This unexpected behavior can be quite puzzling for developers  The trick to really forcing the no-autocompletion is to assign a random string to the attribute  for example   autocomplete  nope    Since this random value is not a valid one  the browser will give up   Documetation

User · Answer

Valid autocomplete off   lt script type  text javascript  gt          lt   CDATA         document write   lt input type  text  id  cardNumber  name  cardNumber  autocom   plete  off   gt               gt       lt  script gt

User · Answer

Not ideal  but you could change the id and name of the textbox each time you render it - you d have to track it server side too so you could get the data out   Not sure if this will work or not  was just a thought

User · Answer

Using a random  name  attribute works for me   I reset the name attribute when sending the form so you can still access it by name when the form is sent   using the id attribute to store the name

User · Answer

I suggest catching all 4 types of input      form input select textarea   attr  autocomplete    off      Reference    http   www w3 org Submission web-forms2  the-autocomplete http   dev w3 org html5 markup input html

User · Answer

HTML 4  No  HTML 5  Yes     The autocomplete attribute is an enumerated attribute  The attribute   has two states  The on keyword maps to the on state  and the off   keyword maps to the off state  The attribute may also be omitted  The   missing value default is the on state  The off state indicates that by   default  form controls in the form will have their autofill field name   set to off  the on state indicates that by default  form controls in   the form will have their autofill field name set to  on     Reference  W3

User · Answer

If you use jQuery  you can do something like that      document  ready function      input autocompleteOff   attr  autocomplete   off         and use the autocompleteOff class where you want     lt input type  text  name  fieldName  id  fieldId  class  firstCSSClass otherCSSClass autocompleteOff    gt    If you want ALL your input to be autocomplete off  you can simply use that      document  ready function      input   attr  autocomplete   off

User · Answer

I MADE THIS WORK IN 2020  I basically create a css class that applies -webkit-text-security to my inputs  Here s the link to a more recent discussion  https   stackoverflow com a 64471795 8754782

User · Answer

I would be very surprised if W3C would have proposed a way that would work with  X HTML4  The autocomplete feature is entirely browser-based  and was introduced during the last years  well after the HTML4 standard was written    Wouldn t be surprised if HTML5 would have one  though   Edit  As I thought  HTML5 does have that feature  To define your page as HTML5  use the following doctype  i e  put this as the very first text in your source code   Note that not all browsers support this standard  as it s still in draft-form    lt  DOCTYPE html gt

User · Answer

if  document getElementsByTagName        var inputElements   document getElementsByTagName  input        for  i 0  inputElements i   i              if  inputElements i  className  amp  amp   inputElements i  className indexOf  disableAutoComplete      -1                 inputElements i  setAttribute  autocomplete   off

User · Answer

How about setting it with JavaScript   var e   document getElementById  cardNumber    e autocomplete    off      Maybe should be false   It s not perfect  but your HTML will be valid

User · Answer

I think there s a simpler way  Create a hidden input with a random name  via javascript  and set the username to that   Repeat with the password   This way your backend script knows exactly what the appropriate field name is  while keeping autocomplete in the dark   I m probably wrong  but it s just an idea

User · Answer

This solution works with me      form input select textarea   attr  autocomplete    nope      if you want use autofill in this region  add autocomplete  false  in element ex    lt input id  search  name  search  type  text  placeholder  Name or Code  autcomplete  false  gt

User · Answer

Note that there s some confusion about location of the autocomplete attribute  It can be applied either to the whole FORM tag or to individual INPUT tags  and this wasn t really standardized before HTML5  that explicitly allows both locations   Older docs most notably this Mozilla article only mentions FORM tag  At the same time some security scanners will only look for autocomplete in INPUT tag and complain if it s missing  even if it is in the parent FORM   A more detailed analysis of this mess is posted here  Confusion over AUTOCOMPLETE OFF attributes in HTML forms

[html] Is there a W3C valid way to disable autocomplete in a HTML form?

Examples related to html

Examples related to standards

Examples related to forms

Examples related to w3c