Thursday, November 17, 2016

Killing Autocomplete feature in 2016++ modern browsers

As of 2016-11-17, all modern browsers do not honour autocomplete=off attribute that has been long existing for years. Lots of frustration on it was spot on web developer forums where developers were trying to disable autocomplete option through multiple ugly hacks such as style display:none, double password input tags, ..etc.

We, YGN Ethical Hacker Group, likes to stress that this can be achieved very easily through existing methods.  Check out the demo page below.  It makes use of JavaScript AJAX to submit a Login Form Request.

JavaScript Approach:
https://yehg.net/lab/pr0js/demo/kill_autocomplete/javascript/index.php?1337

CSS Approach:
https://yehg.net/lab/pr0js/demo/kill_autocomplete/css/index.php?1337

Cheers,
Myo Soe  

No comments:

Post a Comment