Autofill
Autofill is a function found in some computer applications or programs, typically those containing forms, which prefills a field automatically and can save a user time.
A web browser's autofill feature is used to fill out forms with previously entered values, or a predetermined value. This feature is commonly used to fill in login credentials.
Description
Autofill is frequently found in web browsers, used to fill in web forms automatically. When a user inputs data into a form and subsequently submits it, the web browser will often save the form's contents by default.[citation needed]
However, when a password field is detected, the web browser will typically ask the user for explicit confirmation before saving the password in its password store, often secured with a built-in password manager to allow the use of a "master password" before credentials can be autofilled.[1]
Most of the time, such as in Internet Explorer and Google Toolbar, the entries depend on the form field's name, so as to not enter street names in a last name field or vice versa. For this use, proposed names for such form fields, in earlier HTML 5 specifications this RFC is no longer referenced, thus leaving the selection of names up to each browser's implementation.
Certain web browsers such as Opera automatically autofill credit card information and addresses.[2]
In HTML
An individual webpage may enable or disable browser autofill by default. This is done in HTML with the autocomplete
attribute in a <form>
element or its corresponding form elements.
<!-- Autocomplete turned on by default -->
<form autocomplete="on">
<!-- This form element has autocomplete turned on -->
<input name="username" autocomplete="on">
<!-- While this one inherits its parent form's value -->
<input name="password" type="password">
</form>
Phishing
It has been shown that the autofill feature of modern browsers can be exploited in a phishing attack with the use of hidden form fields, which allows personal information such as the user's phone number to be collected.[3]
See also
References
- ^ "Password Manager - Remember, delete and edit logins and passwords in Firefox". Firefox Support.
- ^ "Autofill: What web devs should know, but don't". Cloud Four. 19 May 2016.
- ^ "Browser Autofill Profiles Can Be Abused for Phishing Attacks". Bleeping Computer.
External links
- RFC 3106
- RFC 4112
- PCMag Encyclopedia entry Archived 2012-07-16 at the Wayback Machine
- The autofill section of the HTML 5.2 specification