Skip to content

Commit 8a7af46

Browse files
authored
Merge pull request #30 from WICG/security_considerations_feedback
Security considerations feedback
2 parents 29a5998 + e1e2c57 commit 8a7af46

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

index.bs

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -316,12 +316,15 @@ Using `full-address` to enable comprehensive address autofill:
316316

317317
# Security and Privacy Considerations # {#security-privacy}
318318

319-
## Timing Attacks ## {#timing-attacks}
320-
321319
The {{AutofillEvent}} exposes autofill values to JavaScript before they are committed to form
322320
fields. User agents SHOULD ensure that the event is only fired after explicit user consent to
323321
autofill has been given (e.g., by selecting an autofill suggestion from a dropdown).
324322

323+
The data passed to the event is limited to data that the user agent intends to fill into forms on the page, given that the API shape requires an element as the key to the autofill values.
324+
325+
Note that when the event fires after a `refill()` call, the form is likely to include new fields that weren't present the first time the user agent filled the form. The user agent should
326+
still consider user consent before filling in the new form fields, as is already the case for automatic refills in user agents that support them.
327+
325328
## Third-Party Autofill Providers ## {#third-party-providers}
326329

327330
Browser extensions and third-party autofill providers (such as password managers) can

0 commit comments

Comments
 (0)