diff --git a/source b/source index d4dcb7f79ef..a131f8235a3 100644 --- a/source +++ b/source @@ -4707,6 +4707,9 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute data-x="">cross-origin-isolated", which has a default allowlist of 'self'. +
  • "shared-autofill", which + has a default allowlist of 'self'.
  • @@ -44716,6 +44719,10 @@ interface HTMLTableCellElement : HTMLElement { <p><button>Submit order</button></p> </form> +

    User agents are not limited to the form controls of a specific form + in their automatic filling. In particular, they can consider fields from different documents + as explained in the eligible for autofill section.

    +
    Improving the user experience on mobile devices
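
Review bot: The added paragraph says user agents "can consider fields from different documents" without stating the limit, so read on its own it looks like an unrestricted permission to fill across documents. Suggest folding the constraint into the sentence, for example "fields from different documents that are eligible for autofill", rather than leaving it entirely to the cross-reference.
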
    @@ -55715,13 +55722,111 @@ form.method === input; // => true
    Autofill
    -
    Autofilling form controls: the autocomplete attribute
    +

    Some user agents have features for helping users fill in forms, for example prefilling the + user's address based on earlier user input. They may autofill either an individual form control or + multiple controls at once.

    + +
    +

    A user agent might offer the user to automatically fill their address in the following + form.

    + +
    <form method=post action="https://pizza.exampe.com/order.cgi">
    + <label> Name:        <input></textarea> </label>
    + <label> Address:     <input></textarea> </label>
    + <label> City:        <input> </label>
    + <label> Postal Code: <input> </label>
    + <label> Country:     <select>...</select> </label>
    +</form>
    + +

    For example, the user agent could suggest values to fill when the user focuses or types into + one of the controls.

    +
    + +

    The user agent may fill in multiple controls at once even if they have different form owners, root nodes, or even node documents. However, the user agent should only fill in controls that are + eligible for autofill.

    + +
    Eligibility for autofill
    + +

    A form control control is eligible for autofill if control's + node document document is a fully active descendant of a top-level + traversable with user attention and one of the following is true:

    + + + +
    +

    In this example, the pizza store has outsourced payment processing to a service provider. To + comply with the payment industry standard PCI-DSS, certain form controls are hosted + in cross-origin iframes. Visually, these form controls integrate seamlessly with the pizza + store's look and feel; the user is not made aware of the controls' origins.

    + +

    The checkout form on https://pizza.example.com/ has enabled shared-autofill as a hint to the user agent to fill in + the entire payment form.

    + +
    <form method=post>
    + <p> Cardholder name:    <input>
    + <p> Credit card number: <iframe src="https://pay.example.com/number.html" allow=shared-autofill></iframe>
    + <p> Expiration date:    <input>
    + <p> CVC:                <iframe src="https://pay.example.com/cvc.html" allow=shared-autofill></iframe>
    +</form>
    +<iframe src="https://ads.example.com/ad.html"></iframe>
    + +

    number.html and cvc.html each contain an + input:

    -

    User agents sometimes have features for helping users fill forms in, for example prefilling the - user's address based on earlier user input. The <!doctype html> +<html> + <body> + <input> +</html> + +

    Suppose the user starts typing the cardholder name and the user agent offers to fill in the + entire credit card form. The cardholder name and expiration date controls are eligible by means + of their origin, and the controls in number.html and cvc.html are eligible due to the shared-autofill feature. None of the controls in ad.html is eligible because of the distinct origins and the absent shared-autofill feature; this prevents leaking + information to the ad server.

    +
    + +
    +

    Whether a form control is eligible for autofill by means of shared-autofill might be beyond control of the focused + document: policy-controlled features can + be enabled or disabled by a parent document in its children, but not vice versa. This reflects + how form controls in cross-origin iframes are commonly seamlessly integrated with the top-level + document. The user agent might ignore shared-autofill in documents that are not descendants of + the focused document, perhaps depending on the value that would be filled.

    + +

    The user agent might generally ignore shared-autofill in cross-origin frames when filling in + usernames and passwords since these credentials might be associated with a specific origin.

    + +

    On the other hand, the user agent might fill in cross-origin form controls in the absence of + shared-autofill if it thinks this is the user's + intention, for example, because the user consented.

    +
    + + +
    The autocomplete attribute
    + +

    The autocomplete content attribute can be used to hint to - the user agent how to, or indeed whether to, provide such a feature.

    + the user agent how to, or indeed whether to, autofill a form control.
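
Review bot: The last paragraph of the new eligibility section lets the user agent fill cross-origin controls without shared-autofill "if it thinks this is the user's intention", which is loose enough to undo the guarantee the ad.html example depends on ("this prevents leaking information to the ad server"). Consider limiting that exception to explicit user consent for the specific fill, and consider whether "should only fill in controls that are eligible for autofill" ought to be a "must". Separately, in the first example the form action host is spelled pizza.exampe.com, and the Name and Address lines carry a stray </textarea> after <input>.
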

    @@ -134069,6 +134174,9 @@ INSERT INTERFACES HERE
    [PAYMENTREQUEST]
    Payment Request API, M. Cáceres, D. Wang, R. Solomakhin, I. Jacobs. W3C.
    +
    [PCI-DSS]
    +
    (Non-normative) PCI Data Security Standard — Information Supplement: Best Practices for Securing E-commerce. Payment Card Industry Security Standards Council.
    +
    [PDF]
    (Non-normative) Document management — Portable document format — Part 1: PDF. ISO.
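
Review bot: The [PCI-DSS] entry cites an information supplement ("Best Practices for Securing E-commerce"), not the standard itself, while the payment example added in this patch says the iframes are hosted cross-origin "to comply with the payment industry standard PCI-DSS". Either reword the example to say the layout follows the Council's guidance, or key the reference so it is clear which document is meant.
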
    @@ -134551,6 +134659,7 @@ INSERT INTERFACES HERE Christian Johansen, Christian Schmidt, Christoph Päper, + Christoph Schwering, Christophe Dumez, Christopher Aillon, Christopher Cameron,