Bug 1619498 Comment 21 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

(In reply to Tim Smith 👨‍🔬 [:tdsmith] from comment #20)
> Sorry for the delay; where does this value come from? Can it contain arbitrary values from the page?
> 
> > acFieldName: The "field name" token (last one) of the field's autocomplete attribute.

It comes from the HTML standard and we only return valid values so it can't contain arbitrary values. These are the valid values: https://searchfox.org/mozilla-central/rev/61f224ec08ddc6f9a93ac45c8c3c5f7159be7c2a/dom/base/AutocompleteFieldList.h#91-147
(In reply to Tim Smith 👨‍🔬 [:tdsmith] from comment #20)
> Sorry for the delay; where does this value come from? Can it contain arbitrary values from the page?
> 
> > acFieldName: The "field name" token (last one) of the field's autocomplete attribute.

It comes from the HTML standard and we only return valid values so it can't contain arbitrary values. These are the valid values: https://searchfox.org/mozilla-central/rev/61f224ec08ddc6f9a93ac45c8c3c5f7159be7c2a/dom/base/AutocompleteFieldList.h#91-147 (we actually only support a subset of those)

[HTML spec link](https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#attr-fe-autocomplete-name)

Back to Bug 1619498 Comment 21