Closed
Bug 1081114
Opened 11 years ago
Closed 5 years ago
Document best practices for login forms
Categories
(Developer Documentation Graveyard :: General, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: aleth, Unassigned)
Details
:: Developer Documentation Request
Request Type: New Documentation
Gecko Version: unspecified
Technical Contact:
:: Details
There seems to be no information at all on MDN on how to get the password manager to recognize that a particular field is a password entry field in more complicated web pages.
Filing this bug in response to the following user comment: "You know, if the browsers actually *documented* this shit, we might have a hope in hell of making it work... We've messed around with iframes and names and stuff in the past, and I decided there was no way to get it to work properly."
|
||
Comment 1•9 years ago
|
||
Matthew: Paolo told me that you may have a document somewhere, or at least the precise info, describing how login fields detection is happening in Firefox. Do you think we could work in making this an MDN page?
Flags: needinfo?(MattN+bmo)
|
||
Comment 2•9 years ago
|
||
(In reply to aleth [:aleth] from comment #0)
> Filing this bug in response to the following user comment: "You know, if the
> browsers actually *documented* this shit, we might have a hope in hell of
> making it work... We've messed around with iframes and names and stuff in
> the past, and I decided there was no way to get it to work properly."
This is actually partly documented in the HTML spec at https://html.spec.whatwg.org/multipage/forms.html#processing-model-3 (see the table containing "an input element whose type attribute is in the Text state that is followed by an input element whose type attribute is in the Password state" right above 4.10.19.8.3).
Here is Chromium's page: https://www.chromium.org/developers/design-documents/form-styles-that-chromium-understands
This section at https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields should probably be incorporated.
Btw. https://developer.mozilla.org/en-US/docs/Web/Security/Insecure_passwords has a broken image and the screenshots show old Firefox UI.
I think we should have a page that is best practices for login forms, not specific to Fx. It can also talk about security and using a <form> (with preventDefault for XHR special cases).
|
|
||
Comment 3•9 years ago
|
||
It can perhaps be linked from https://developer.mozilla.org/en-US/docs/Web/Guide/HTML/Forms
|
|
||
Updated•8 years ago
|
Flags: needinfo?(MattN+bmo)
|
||
Updated•8 years ago
|
Assignee: eshepherd → nobody
Priority: P5 → P3
Summary: How to ensure the FX password manager recognizes password fields as such → Document best practices for login forms
|
||
Comment 4•5 years ago
|
||
MDN Web Docs' bug reporting has now moved to GitHub. From now on, please file content bugs at https://github.com/mdn/sprints/issues/ and platform bugs at https://github.com/mdn/kuma/issues/.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•