Disabling auto-complete in a form

[tech_support]

One question we usually ask in cases like this that we didn't here is "Why?" I was tempted to several times, not sure why I didn't.

Generally, if the user has auto-complete on, they can distinguish between an appropriate suggestion and one that simply wouldn't be acceptable for them in a given situation. Unless it's a quiz, even if it is, what's the harm in auto-complete?

Also, most "web 2.0" websites/applications have it "disabled", like chat sites.

[djr33]

When used as a feature, not as a "form", that's quite true, or when typing in sensitive data, like a bank account number, which wouldn't be a password, but would be better to not just pop up.

[jscheuer1]

Does 'web 2.0' really mean anything? I see you quoted it as if it did to some people, but not to others.

I played around with the old autocomplete="no" concept and it worked in FF and Safari. Opera doesn't seem to have the feature to begin with, at least not that I can tell. I have it off in IE, but I'm sure it works for that browser.

I would venture to guess that virtually all browsers that have the feature, whatever they call it, would respect the non-standard autocomplete="no" attribute. Those that don't respect it, most of their users must be used to it happening at odd times. Those that don't have the feature are no problem in this context.

If there is an issue of strict compliance, the attribute may be added via javascript, but that will cut down on compliance. Non-javascript enabled browsers with the feature will still auto-complete.

[Twey]

Does 'web 2.0' really mean anything? I see you quoted it as if it did to some people, but not to others.

It's a ridiculous buzzword. Generally speaking, it means "a site that uses XHR for no good reason," but sometimes it also means "a site that uses way too much eye-candy and stupid flashy effects." See also Prototype.

If there is an issue of strict compliance, the attribute may be added via javascript, but that will cut down on compliance.

It's not compliant then anyway. Just because the validator can't pick it up doesn't mean it's valid.

[jscheuer1]

If there is an issue of strict compliance, the attribute may be added via javascript

It's not compliant then anyway. Just because the validator can't pick it up doesn't mean it's valid.

Without saying is how that goes. It's funny though, even before I saw this, I was wondering if you could do a:

Code:

if (/(string)|(boolean)/.test(typeof el.autocomplete))
el.autocomplete='no';

or something like that. If you could, I'm sure, although not valid, it would be in the spirit of valid code.

Also, what I meant by using javascript to validate, that was just to get the green screen, for whatever reason.

[Twey]

If you could, I'm sure, although not valid, it would be in the spirit of valid code.

Mm. Perhaps:

Code:

if(typeof el.autoComplete !== "undefined")
  el.autoComplete = false;

Also, what I meant by using javascript to validate, that was just to get the green screen, for whatever reason.

There's no point in this at all. The validator is just a tool that helps you achieve validity, not a dictator that demands perfect conformance; trying to outfox it in this way is self-defeating.

[jscheuer1]

Mm. Perhaps:

Code:

if(typeof el.autoComplete !== "undefined")
  el.autoComplete = false;

Possibly. Being non-standard though, if we wanted to know as much about this approach as we could, I think we would have to try it out in as many browsers as we have available to us.

Also, what I meant by using javascript to validate, that was just to get the green screen, for whatever reason.

There's no point in this at all. The validator is just a tool that helps you achieve validity, not a dictator that demands perfect conformance; trying to outfox it in this way is self-defeating.

I dunno, you'd be surprised at the reasons some folks come up with for it.

I find that both visually and psychologically, I just prefer the color green. As long as I know what I did to get it to validate, what's the harm in sparing myself the stress of the red screen? I even sometimes go so far as to have some image tags display:none in IE and then use IE conditional comments to make otherwise duplicate image tags for them with the galleryimg="no" attribute set.

The most compelling reason for some would be to satisfy some relatively clueless client.

Edit: In limited testing it looks like the 'typeof' approach isn't going to work. In Opera which has 'The Wand' and supposedly/perhaps respects autocomplete=no for its use, which is different than the general autocomplete feature on other browsers, the typeof is always 'string'. In FF it is only 'string' if present - 'undefined' if absent from the tag, in IE it's always 'string'.

[Twey]

I even sometimes go so far as to have some image tags display:none in IE and then use IE conditional comments to make otherwise duplicate image tags for them with the galleryimg="no" attribute set.

And why not? That's perfectly valid. You're just taking advantage of a browser-dependent feature (as we do with the conditional Javascript above).

The most compelling reason for some would be to satisfy some relatively clueless client.

I'm fairly sure that's a dishonest business practice.

[jscheuer1]

Dishonest, it would all depend. If you don't come right out and say it's valid strict or whatever, I think you're covered. You could say, it validates as strict. Then you would move from dishonest to merely deceptive. If the rest of the code really is valid, it is a harmless deception (white lie) in my opinion.

I don't know what I would do, it's never come up. I think I would try to explain the situation, but not be so adamant about it so as not to give myself the room to use the white lie if the client were firmly entrenched.

[djr33]

it is a harmless deception (white lie) in my opinion.

I despise the idea of a strict validation and conformity; if something works*, it works, and should be valid. A tag like this causes no harm.
(*consistently, in either all browsers, or it causes no harm in those in which it doesn't work)
However, to have any reasonable way to standardize code so that it is generally legible and understandable by another user, it simply must have some sort of standardization. As such, what then is the solution?
Is this really a harmless deception?
What's the point of a strict standard when a bit of bending is ok?

Personally, I'd suggest that additional attributes be allowed, but I guess that means any random attribute which IS invalid would be allowed as well.

//shrug