[TYPO3-core] RFC #12236: Password-field in "User Settings" is prefilled, which does not make sense

Martin Kutschker masi-no at spam-typo3.org
Thu Oct 15 11:31:48 CEST 2009


Mathias Schreiber [wmdb >] schrieb:
> Steffen Gebert schrieb:
>> So the current behaviour, if auto-filling is enabled, is not really
>> user-friendly
>>
>> Solution:
>> Add attribute autocomplete="off" to the <input type="password"> [1,2]
> 
> Though I generally agree, I'm not sure if autocomplete="off" is XHTML
> compliant.
> I just wanted to mention this because Patrick might remove it sooner or
> later due to his "crusade"

Usability (and security) must have more weight then adhering to any standard. If someone argues that
all BE pages must validate then my answer is that we simply have to change the DTD. Any DTD can be
extended! Let's use a custom one that adds autocomplete.

Masi


More information about the TYPO3-team-core mailing list