diff --git a/source b/source index 5c4f3f83f0f..2b4c41e1c38 100644 --- a/source +++ b/source @@ -44572,10 +44572,12 @@ interface HTMLTableCellElement : HTMLElement { <p><button>Submit order</button></p> </form> +
User agents are not limited to the form controls of a specific form
in their automatic filling. In particular, they might consider fields from different documents
as explained in the eligible for autofill section.
A user agent might offer the user to automatically fill their address in a form like the - following.
- -<form method=post action="https://pizza.exampe.com/order.cgi">
- <label> Name: <input></textarea> </label>
- <label> Address: <input></textarea> </label>
- <label> City: <input> </label>
- <label> Postal Code: <input> </label>
- <label> Country: <select>...</select> </label>
+ A user agent might offer the user to automatically fill their address in a form like the
+ following.
+
+ <form method=post action="https://pizza.exampe.com/order.cgi">
+ <label> Name: <input></textarea> </label>
+ <label> Address: <input></textarea> </label>
+ <label> City: <input> </label>
+ <label> Postal Code: <input> </label>
+ <label> Country: <select>...</select> </label>
</form>
- For example, the user agent could suggest values to fill when the user focuses or types in
- one of the controls.
+ For example, the user agent could suggest values to fill when the user focuses or types in
+ one of the controls.
The user agent may fill multiple controls at once even if they have different form owners, root elements, or even - node documents. However, the user agent should not fill in a - field if that field is not eligible for autofill.
+ node documents. However, the user agent should only fill in + controls that are eligible for autofill.A form control control is eligible for autofill if control's - node document document is fully active and one of the - following is true:
+ node document document is a fully active descendant of a top-level + traversible with user attention and one of the following is true:Some element is focused and its node document's - origin is the same origin as - document's origin.
Some element is focused and its node document's + origin is the same origin as + document's origin.
The shared-autofill
feature is enabled in
- document for document's
- origin.
The shared-autofill
feature is enabled in
+ document for document's
+ origin.
Consider the following page https://pizza.example.com/
:
Consider the following page https://pizza.example.com/
:
<form method=post>
- <p> Cardholder name: <input>
- <p> Credit card number: <iframe src="https://pay.example.com/number.html" allow=shared-autofill></iframe>
- <p> Expiration date: <input>
- <p> CVC: <iframe src="https://pay.example.com/cvc.html" allow=shared-autofill></iframe>
+ <form method=post>
+ <p> Cardholder name: <input>
+ <p> Credit card number: <iframe src="https://pay.example.com/number.html" allow=shared-autofill></iframe>
+ <p> Expiration date: <input>
+ <p> CVC: <iframe src="https://pay.example.com/cvc.html" allow=shared-autofill></iframe>
</form>
<iframe src="https://ads.example.com/ad.html"></iframe>
- Let number.html
and cvc.html
each contain an
- input
:
+ Let number.html
and cvc.html
each contain an
+ input
:
- <!doctype html>
+ <!doctype html>
<html>
<body>
<input>
</html>
- Suppose the user starts filling the cardholder name and the user agent offers to fill the
- entire credit card form. The cardholder name and expiration date controls are eligible by means
- of their origin, and the controls in number.html
and
- cvc.html
are eligible due to the
- shared-autofill
feature.
- By contrast, none of the controls in ad.html
is eligible because of the
- distinct origins and the absent shared-autofill
- feature; this prevents leaking to the ad server.
+ Suppose the user starts filling the cardholder name and the user agent offers to fill the
+ entire credit card form. The cardholder name and expiration date controls are eligible by means
+ of their origin, and the controls in number.html
and
+ cvc.html
are eligible due to the
+ shared-autofill
feature.
+ By contrast, none of the controls in ad.html
are eligible because of the
+ distinct origins and the absent shared-autofill
+ feature; this prevents leaking information to the ad server.
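Review bot: In the address-form example, the re-indented `+` lines carry over two defects from the `-` lines. The `action` URL reads `https://pizza.exampe.com/order.cgi`, while the later example uses `https://pizza.example.com/`, and the Name and Address labels each have a stray `</textarea>` end tag after `<input>`. Since these lines are being touched anyway, correct the host to `pizza.example.com` and drop the `</textarea>` tags so the example is valid markup.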
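Review bot: The new eligibility condition spells the term as "top-level traversible with user attention"; it should read "traversable". The added requirement also narrows eligibility beyond "fully active", yet the credit card example still explains eligibility only by origin and the shared-autofill feature. Consider adding a sentence to the example stating that the page is assumed to be in a top-level traversable with user attention, so readers do not take origin or shared-autofill alone as sufficient.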