Rob Kraft's Software Development Blog

Software Development Insights


Flawed Logic in W3C Spec 3.2 of HTML-Design-Principles “Priority of Constituencies” – AutoComplete Bug

Posted by robkraft on April 28, 2017

I believe there is a conceptual flaw in the W3C spec regarding “priority of constituencies” (https://www.w3.org/TR/html-design-principles/#priority-of-constituencies).

I agree with this explanation (http://www.schemehostport.com/2011/10/priority-of-constituencies.html) for sites like Facebook, where users own their data, but not for company sites, where companies own the data and users are just performing a role regarding company data. Owners of data, a category not considered as separate from users in the 2004 W3C spec, should be given priority over the users of the data. Company owners of data desire to keep users from making poor security decisions and choosing to store their password in their browsers; thus company owners should be allowed to ask their authors to remove the ability for users to store passwords to company roles in their browsers. By not allowing this ability, Chrome and other browsers cause developers needing this ability to implement techniques that may introduce new security flaws.

Here is a workaround for Chrome: http://stackoverflow.com/questions/35049555/chrome-autofill-autocomplete-no-value-for-password
Here are some other approaches: http://stackoverflow.com/questions/11708092/detecting-browser-autofill
