[buddypress-trac] [BuddyPress Trac] #6269: Add autocomplete="off" to bp-login widget password field

buddypress-trac noreply at wordpress.org
Sun Mar 1 16:13:15 UTC 2015

#6269: Add autocomplete="off" to bp-login widget password field
 Reporter:  Prometheus Fire  |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  API              |     Version:
 Severity:  normal           |  Resolution:
 Keywords:                   |

Comment (by boonebgorges):

 It's my understanding that browsers are dropping support for
 'autocomplete=off' on password fields. See eg
 with-all-modern-browsers/21348793#21348793 and
 allowed-to-disable-autocomplete-on-forms-or-fields. I believe that the
 only practical effect of setting autocomplete=off on password fields is to
 disable password managers. But, according to those links, modern password
 managers and browsers ignore that setting anyway. So I'm wondering if
 maybe the IBM Security AppScan ruleset is in the wrong in this case.

 On the other hand, wp-login.php does use autocomplete=off for the password
 field (and the entire form, in fact). See
 https://core.trac.wordpress.org/changeset/15710 and

 Do others have thoughts about best practices here?

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6269#comment:1>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list