davidksalazar

Q: Disable Safari 7.0.2 keychain password save

How can I disable safari from saving a user/pass from a form using html or javascript?

I've had this issue that came up with safari 7.0.2 where you can save a user/pass to a keychain and when you goto that same form it automatically overrides those fields? Personally I think this is horrible behavior. I don't think fields should ever be overridden.

 

I've created an isolated version that you can demo the issue here. http://dev.davidsalazar.com/issues/safari-autofill/

 

Steps to replicate (ensure you use latest safari 7.0.2)

1. Type and user/pass click save. It should prompt you to save to keychain, accept the save.

2. Now click on the link load random data and you will notice that safari will now be overriding those fields with your perviously saved fields.

iMac (27-inch Late 2009), OS X Mountain Lion (10.8.1)

Posted on Mar 24, 2014 9:10 AM

Close

Q: Disable Safari 7.0.2 keychain password save

  • All replies
  • Helpful answers

Previous Page 2
  • by davidksalazar,

    davidksalazar davidksalazar Oct 3, 2014 5:40 AM in response to davidksalazar
    Level 1 (0 points)
    Oct 3, 2014 5:40 AM in response to davidksalazar

    Looks like apple finally fixed this in safari 7.1

     

    About the security content of Safari 6.2 and Safari 7.1

  • by Grant Wray,

    Grant Wray Grant Wray Mar 17, 2016 11:23 AM in response to davidksalazar
    Level 1 (14 points)
    Mac OS X
    Mar 17, 2016 11:23 AM in response to davidksalazar

    I'm currently editing our user management system, and I'm finding this is a pain in the butt as well.

    A user logs in. They are an administrator. Fine if the LOGIN screen for them is completed.

    The administrator goes to edit another user's profile, or add a new profile. Part of that is setting a username and password for that user.

    Problem 1. Autocomplete - The username and password fields on the form autocomplete, overwriting the displayed value.

    Problem 2. Password manager - If you click submit, the password manager asks to save the values from the password fields.

     

    If the administrator double bounces on the return key, then their saved login credentials are changed. It's very annoying. I thought I'd fixed it with autocomplete off but in Safari Version 9.0.3 (11601.4.4), the behaviour has returned.

    I need to include, in the form that is submitted back to the server, a hint to the browser that the password and username fields on the form are NOT relevant to the current browser operator. It automatically picks up on the input field being type="password', and nothing you can do seems to change that. I don't want to have to write a ton of javascript etc just to emulate a type=password input field.

    As the OP says, you can't rely on the end user turning off the password manager or autocomplete on their browser. It needs to be hinted in the code.

Previous Page 2