This repository has been archived by the owner on Jul 30, 2019. It is now read-only.

Autocomplete giving any info from non-visible fields #1285

Closed
alastc opened this issue Mar 7, 2018 · 6 comments · Fixed by #1372

Comments

@alastc

alastc commented Mar 7, 2018

This issue came up during some WCAG work, where we are potentially requiring authors to use autocomplete attributes.

It appears that a site can hide fields (off-screen with CSS) such as address & credit card so that if you select 'fill form' whilst on a name field, it gets all the other information without you realising.

Article with examples.

I assume the browser makers would want to address it, but it also affects other user-agents / extensions like password managers. For example, Lastpass has form-filling functionality that is affected. (I think Lastpass uses more than the autocomplete tokens, but it certainly works on fields with autocomplete.)

There could be various solutions, but as a minimum user-agents should check that a field is visible before filling it in. Can a warning or note be added to the spec?

@chaals chaals added this to the HTML5.3 WD3 milestone Apr 1, 2018
@chaals
Collaborator

chaals commented Apr 1, 2018

I hope we can get something in before the next milestone. In case we don't I have flagged it so I can make sure it is picked up explicitly for privacy review.

@LJWatson
Collaborator

LJWatson commented Apr 9, 2018

@alastc is it just when fields are hidden off-screen (per the examples linked from the article you referenced), or are there other techniques we should mention?

@alastc
Author

alastc commented Apr 9, 2018

Logically it must be when fields (with autocomplete) are on the page, but hidden or disguised in some way.

There might be an aspect of whack-a-mole, where if hidden fields are detected by browsers then attackers might use other techniques like shrinking inputs to a couple of pixels, or making them transparent, or white on a white background or some other technique.

I suggest leaving it up to the browsers to fulfill a general requirement as they see fit.
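
As an added illustration of the kind of user-agent check discussed in this thread (example code, not from the thread, the HTML spec or any browser or password manager), the following heuristic refuses to fill a field that is not rendered, is transparent, is shrunk to a couple of pixels, sits entirely off-screen, or has text the same colour as its background. The function names, the field/viewport object shapes and the thresholds are assumptions; `rect` and `style` stand in for what `getBoundingClientRect()` and `getComputedStyle()` return, so the check runs without a DOM.

```javascript
// Added example, not from this thread or the HTML spec: a visibility heuristic a
// user agent or password manager could apply before autofilling a field that has
// an autocomplete attribute. The field/viewport shapes and function names are
// assumed; rect and style mirror getBoundingClientRect()/getComputedStyle().
const MIN_DIMENSION_PX = 8; // inputs shrunk to a couple of pixels are suspect

// Parses "rgb(r, g, b)" / "rgba(r, g, b, a)" into {r, g, b, a}; null otherwise.
function parseRgb(css) {
  const m = /^rgba?\(\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*(?:,\s*([\d.]+)\s*)?\)$/.exec(css || '');
  return m ? { r: +m[1], g: +m[2], b: +m[3], a: m[4] === undefined ? 1 : +m[4] } : null;
}

// Returns { safe, reasons }; safe only when no hiding technique is detected.
function isFieldSafeToAutofill(field, viewport) {
  const { rect, style } = field;
  const reasons = [];
  if (style.display === 'none' || style.visibility === 'hidden') reasons.push('not rendered');
  if (parseFloat(style.opacity) < 0.1) reasons.push('transparent');
  if (rect.width < MIN_DIMENSION_PX || rect.height < MIN_DIMENSION_PX) reasons.push('too small');
  // Entirely outside the viewport, e.g. positioned far off to the left.
  if (rect.right <= 0 || rect.bottom <= 0 ||
      rect.left >= viewport.width || rect.top >= viewport.height) reasons.push('off-screen');
  // Text colour indistinguishable from its background (e.g. white on white).
  const fg = parseRgb(style.color), bg = parseRgb(style.backgroundColor);
  if (fg && bg && bg.a > 0 &&
      Math.abs(fg.r - bg.r) + Math.abs(fg.g - bg.g) + Math.abs(fg.b - bg.b) < 30) {
    reasons.push('text matches background');
  }
  return { safe: reasons.length === 0, reasons };
}

// Of the autocomplete fields a form exposes, return the ones a filler may touch.
function fieldsToAutofill(fields, viewport) {
  return fields.filter((f) => isFieldSafeToAutofill(f, viewport).safe).map((f) => f.autocomplete);
}

// Constructed sample form: one visible name field plus three disguised fields.
const VIEWPORT = { width: 1280, height: 800 };
const okStyle = { display: 'block', visibility: 'visible', opacity: '1',
                  color: 'rgb(0, 0, 0)', backgroundColor: 'rgb(255, 255, 255)' };
const SAMPLE_FIELDS = [
  { autocomplete: 'name', style: okStyle,
    rect: { left: 100, top: 100, right: 400, bottom: 130, width: 300, height: 30 } },
  { autocomplete: 'street-address', style: okStyle,            // pushed off-screen
    rect: { left: -9999, top: 100, right: -9699, bottom: 130, width: 300, height: 30 } },
  { autocomplete: 'cc-number', style: { ...okStyle, opacity: '0' }, // tiny and transparent
    rect: { left: 100, top: 200, right: 102, bottom: 202, width: 2, height: 2 } },
  { autocomplete: 'cc-exp', style: { ...okStyle, color: 'rgb(255, 255, 255)' }, // white on white
    rect: { left: 100, top: 300, right: 400, bottom: 330, width: 300, height: 30 } },
];
console.log(fieldsToAutofill(SAMPLE_FIELDS, VIEWPORT)); // [ 'name' ]
```

A real implementation would also walk ancestors (a visible input inside a clipped or hidden container) and consult the user before filling anything beyond the field that has focus.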

@LJWatson
Collaborator

LJWatson commented Apr 9, 2018

Thanks @alastc. Proposed text:

"Warning: When fields with the 'autofill' attribute are hidden off-screen or visually disguised, personal data may still be entered when using the 'auto-fill' feature of browsers and password managers. User agents should verify that all fields with the 'autofill' attribute are visible within the viewport before inserting data automatically."

@johnfoliot

johnfoliot commented Apr 10, 2018 via email

LJWatson added a commit that referenced this issue Apr 12, 2018
* Warns UAs to verify fields with autocomplete in the autofill expectation mantle are visible before automatically inserting data
* Will fix #1285
@LJWatson LJWatson self-assigned this Apr 12, 2018
@LJWatson
Collaborator

Comment originally filed by email from Nick Doty, in response to a wide review request to the Privacy IG.

"The warning on the autofill attribute seems particularly important. Do we know whether UAs have implemented mitigations for this threat? Are there mitigations that should be included in future versions of the spec?"
