venta

It's all in your browser.

While I'm happy to accept that, that doesn't really explain why credit card forms normally *don't* cache the information, but this specific one does.

What? you haven't got one?

I haven't, no. No one uses my laptop but me, and the log-on is password protected. It's locked when I'm away from it, and thus a master password doesn't really seem to bring much to the party.

I'm curious about the autofillforms, so will experiment with it.

From:

It's all in your browser. Under the preferences (I'm on a Mac so if you are on Doze it will vary.) Privacy, remember search and form history.

Just in case anyone else is reading this and fancies trying it, the Windows settings are:

Tools->Options->Privacy, set "Firefox will..." to "Use custom settings for history" to see the "Remember search and form history" checkbox.

Tools->Options->Security for the master password option.

From:

onebyone.livejournal.com

There is no such attribute, although password controls generally shouldn't be auto-filled from a drop-down menu that displays the password, since that would break the rule that the text is rendered such as to hide the characters.

It's down to the user agent what is cached and how. I just switch it off, especially since I use different email addresses for different sites anyway.

In Firefox you can generally highlight a chunk of site and right-click > "View selection source" to see the HTML. It might be possible to use Firefox-specific and/or javascript tricks to prevent caching.

From:

zotz

Yesterday another of my friends commented that this must mean Love accepts Oyster prepay.

From:

Er.... what?

From:

valkyriekaren.livejournal.com

Your subject line.

From:

Ah. I promptly forgot about that and tried to apply

zotz comments to web forms :)

From:

zotz

Always a tricky process, that.

From:

Yes, I did think you were being more than usually gnomic.

From:

zotz

It was the pointy hat and fishing rod that tipped you off, wasn't it?

Somebody always notices.

From:

No, I thought they were just sartorial statements.

Popping out of a door in amanita muscaria is a dead giveaway, though.

From:

Some of the comments above are misleading.

The behaviour you want is accomplished by setting the property autocomplete = "off" on the <form> element.

From:

Aha. Thank you. That explains why credit card forms don't usually display such things. Of course, the above suggestions sound sensible to me anyway, but it's nice to have that mystery cleared up.

From:

the above suggestions sound sensible to me anyway

Well... maybe. There's always a trade-off between security and convenience. I do think it would be reasonable to contact the site and ask them to improve their form.

From:

alien8.livejournal.com

..and there's nothing to stop a malicious site asking for the same data from your browser.. best not to have it in there.

IMHO Edit your saved data to pull the number.

From:

bondagewoodelf.livejournal.com

autocomplete='off' is happily ignored by many browsers

From:

That's a reason not to rely on it, it's not a reason for form-writers not to use it.

From:

It not being valid HTML might be a reason... Not that writers of commercial web pages seem generally terribly obsessed with standards compliance.

From:

Yes, I'm perfectly happy with invalidity as a reason for not using it.

Edited Date: 2010-06-08 11:03 am (UTC)

From:

Although it should probably be noted, for standards purists, that autocomplete is not a valid attribute for forms in either HTML 4 or XHTML 1 -- not all browsers may support it (although I think all the important ones do), and pages that include it will fail validation tests.

I believe it is to be included in HTML 5.

From:

Standards purists are lovely people. They deserve a pat on the back and a piece of cake. They should not, however, be trusted to write real web pages.

I had this revelation once shortly after the Netscape "extensions" to HTML first came out. At first I thought they were evil. Then I realised it didn't matter whether they were evil or not, because individual web developers were free to use them or not as they chose and therefore they were an instant de-facto standard on account of being useful. (Whether Netscape themselves were evil for adding them in the first place is a more complex matter...)

From:

ar-gemlad.livejournal.com

Netscape are definitely evil. It was them that did the blink tag, wasn't it?

From:

Still not as annoying as <marquee>! Now that was a really stupid idea...

From:

ar-gemlad.livejournal.com

Now I need to go for memory repression therapy again. To bury the memory...

From:

That one came from IE, if I remember right. Microsoft fighting fire with fire.

(deleted comment)

From:

Awesome! :-D

(Although... isn't JavaScript considered a bit web!satanic by such persons? I'm a bit out of touch.)

From: