Thursday, December 16, 2010

Turn autocomplete="on"


I have another item of trivia (something more substantial is next, I promise). Some months ago, a website that I log into every day adopted the use of a form element for logins that is modified to look like this:

<input class="login" type="text" value="" size="20"  autocomplete="off">

The autocomplete attribute turns off autocompletion, which the browser would otherwise use (subject to User Prefs), to fill in the login name (and most important, the password) in the form.

An argument in favor of this strategy is that it protects your random idiot who does his online banking on a public PC at his hotel in Mexico and stores his login info without thinking about it.

One argument against is that it promotes the use of weak passwords. Since the site in question requires at least a modestly complex password, and I try to always use strong passwords, this is a real problem.

The solution, on Safari anyway, is a Safari Extension that I got from Jeff Johnson at Lapcat Software (here). You can read more about Safari Extensions (here) and get a lot of them too.

The extension's code has a format which looks funny at first, it has a file suffix safariextz and looks fairly weird if you drop it on a text editor. But the first few letters are xar, which is a big hint that you can look inside easily and see what's there (here):

xar -xf


(xar being the "extensible archiver"). The nice thing about that is I can readily tell how it works and that it's harmless. What you can't do is to rearchive it and then use it (at least so I'm told). That's because of Code Signing (here).

Read the original post on the extension (here).