Stopping browsers from remembering form field data
Part of the convenience of modern web browsers is their ability to remember the details you enter into form fields. This saves the user from having to remember or re-type things like their username and password. Unfortunately there are places where this is a disadvantage - for example, what if you are not using your own computer? Perhaps you’re checking your bank details at an internet cafe (which, frankly, I would never advise doing). Call me paranoid, but anyone can put spyware or a key-logger on a public computer and stand an extremely good chance of stealing everything you type at it. Never use a public PC for personal or sensitive work.
It turns out that there is a way to stop browsers from automatically storing this information, but it does break validation because it is not standards compliant. This is one of those occasions where I’m actually prepared to produce a page that doesn’t validate - I feel the added security of ensuring sensitive data like your bank account number or credit card number isn’t going to be readily available to the next person who sits at the computer is worth a ‘broken’ page.
Just add autocomplete="off" as an attribute to any field whose entered data you do not want the browser to remember.
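One way to check a page for sensitive fields that still lack the attribute, as an added example that is not part of the original post. It goes slightly beyond the text by also honouring autocomplete="off" set on the enclosing form; the function names, the field-name heuristic and the sample markup are assumptions made for illustration.

```javascript
// Added example: flag sensitive inputs that browsers may still remember.
// The name heuristic and sample markup are constructed for illustration.
const SENSITIVE = /pass|card|cvv|cvc|account|iban/i;
const SKIP_TYPES = ["hidden", "submit", "button", "checkbox", "radio"];

// Parse one tag's attributes into a lower-cased name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  for (const m of tag.matchAll(re)) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  return attrs;
}

// Return the names of sensitive fields whose effective autocomplete is not "off".
function findAutocompleteGaps(html) {
  const gaps = [];
  let formOff = false; // true while inside <form autocomplete="off">
  const tagRe = /<(\/?)(form|input)\b[^>]*>/gi; // simplification: no ">" inside values
  for (const m of html.matchAll(tagRe)) {
    const isForm = m[2].toLowerCase() === "form";
    if (m[1]) { if (isForm) formOff = false; continue; } // closing tag
    const attrs = parseAttrs(m[0]);
    const off = (attrs.autocomplete || "").toLowerCase() === "off";
    if (isForm) { formOff = off; continue; }
    const type = (attrs.type || "text").toLowerCase();
    if (SKIP_TYPES.includes(type)) continue;
    const label = attrs.name || attrs.id || type;
    const sensitive = type === "password" || SENSITIVE.test(label);
    // A field's own attribute overrides the setting inherited from its form.
    const effectiveOff = attrs.autocomplete !== undefined ? off : formOff;
    if (sensitive && !effectiveOff) gaps.push(label);
  }
  return gaps;
}

// Constructed sample: one unprotected form, one protected at form level.
const SAMPLE = `
<form action="/pay" method="post">
  <input type="text" name="fullname">
  <input type="text" name="card_number">
  <input type="text" name="cvv" autocomplete="off">
  <input type="password" name="password">
</form>
<form action="/transfer" autocomplete="off">
  <input type="text" name="account_no">
  <input type="text" name="iban" autocomplete="on">
</form>`;

console.log(findAutocompleteGaps(SAMPLE));
```

Current browsers' password managers generally ignore autocomplete="off" on login fields, so a clean result here covers form-history autofill rather than saved passwords.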
Arguments could be made that proper user control and accounts would make this not a problem, as users are usually given the choice of whether or not their browser remembers data. Unfortunately, many people don’t have a clue about proper account/user control, so it pays to be a little paranoid sometimes.
Entry Information
- Posted: Wed, 28th Mar 2007 at 11:03 UTC
Comments
The autocomplete attribute is part of Web Forms 2.0 (and I bet it'll be in HTML 5), if that's any consolation regarding the validity problem.
2.9. The autocomplete attribute - Web Forms 2.0 - WHAT-WG: http://www.whatwg.org/specs/web-forms/current-work/#the-autocomplete