Opened 10 months ago

Last modified 5 weeks ago

#29379 new New feature

Add autocomplete attribute to contrib.auth fields

Reported by: CHI Cheng Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Jeff Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description (last modified by CHI Cheng)

Add autocomplete=username/email/current-password/new-password to contrib.auth builtin forms.

Pull request: https://github.com/django/django/pull/9921

The most useful one is autocomplete=new-password, which prevents browsers prefill with current password, Chrome will also suggest a random strong password for users who turned on account sync.

Related docs:
https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill
https://www.chromium.org/developers/design-documents/form-styles-that-chromium-understands
https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields

Change History (6)

comment:1 Changed 10 months ago by CHI Cheng

Description: modified (diff)

comment:2 Changed 10 months ago by Carlton Gibson

Patch needs improvement: set

This seems OK/good in theory. We're a bit ahead of the curve in terms of current browser support so there's a question about when (and whether) this gets adopted.

PR has failures that need addressing.

comment:3 Changed 9 months ago by Carlton Gibson

Triage Stage: UnreviewedAccepted

comment:4 Changed 8 months ago by Jeff

Cc: Jeff added

comment:5 Changed 5 weeks ago by sedrubal

Hi, what is the status of this pull request? I just wanted to open the same pull request and then I found this ticket...

comment:6 Changed 5 weeks ago by Claude Paroz

After months of inactivity, feel free to take over the patch (crediting the original author), and polish it so as it can get in the review queue again.

Note: See TracTickets for help on using tickets.
Back to Top