Opened 3 weeks ago

Last modified 11 days ago

#29379 new New feature

Add autocomplete attribute to contrib.auth fields

Reported by: CHI Cheng Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description (last modified by CHI Cheng)

Add autocomplete=username/email/current-password/new-password to contrib.auth builtin forms.

Pull request: https://github.com/django/django/pull/9921

The most useful one is autocomplete=new-password, which prevents browsers prefill with current password, Chrome will also suggest a random strong password for users who turned on account sync.

Related docs:
https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill
https://www.chromium.org/developers/design-documents/form-styles-that-chromium-understands
https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields

Change History (3)

comment:1 Changed 3 weeks ago by CHI Cheng

Description: modified (diff)

comment:2 Changed 3 weeks ago by Carlton Gibson

Patch needs improvement: set

This seems OK/good in theory. We're a bit ahead of the curve in terms of current browser support so there's a question about when (and whether) this gets adopted.

PR has failures that need addressing.

comment:3 Changed 11 days ago by Carlton Gibson

Triage Stage: UnreviewedAccepted
Note: See TracTickets for help on using tickets.
Back to Top