Hello, Mike,
 

> Hi Jaeyong,
>
> On 8/16/21 10:27 AM, Jaeyong Bae wrote:
>
>
> *Contact emails *[email protected]
>
> Summary
> Remove pseudo classes :-internal-autofill-previewed and 
> :-internal-autofill-selected.
> Un-expose these two classes and make them available for UA stylesheets 
> only.
>
> Each class represents:
> :-internal-autofill-previewed class - fields are filled when hovering over 
> an autofill suggestion
> :-internal-autofill-selected - fields are filled with a selected autofill 
> suggestion
>
> Motivation
> Although being -internal-prefixed pseudo classes, these two pseudo classes 
> have erroneously been exposed for author use. It can be used by a side 
> channel to extract information from autofill before the user decides to 
> disclose it to the website. Those pseudo classes should only be allowed in 
> UA sheets. The -internal prefix means that we did not intend to expose them 
> in the first place. So, there are no :-webkit-* versions of those.
>
> Interoperability and Compatibility Risk
> Edge: Not supported
> Firefox: Not supported
> Safari: Not supported
>
> Alternative implementation suggestion for web developers
> The default styling does not get overridden in preview state and selected 
> state. 
> Web developers can only use the :-webkit-autofill pseudo-class for autofilled state 
> (matched input elements which have been autofilled by user agent).
>
> Usage information from UseCounter
> There is no estimated data from UseCounter.
>
> <thinking outloud>
>
> Do we think it's worth adding one? Or perhaps looking for usage in 
> HTTPArchive as a proxy? I suspect fallout from removing this feature would 
> be pretty minimal - designs might look different in some cases, so perhaps 
> side-channel concerns are overriding here. Not sure if outreach would even 
> be worthwhile, were we to find a popular site or library using this, since 
> there's no recommended alternative.
>
> </thinking outloud>
>
 
I also wonder if it's worth adding one as there is no alternative at this 
time.
It seems like a decision will need to be made depending on the severity of 
the side-channel concerns.
 

> Entry on the feature dashboard
> https://chromestatus.com/feature/5778154275733504
>
> Is there a crbug where interested folks can follow along?
>

Here it is.
https://bugs.chromium.org/p/chromium/issues/detail?id=951476
 

> thanks,
> Mike
>

thanks,
Jaeyong 
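
For the usage question raised in this thread, a site owner can check their own author stylesheets for the two pseudo-classes before the removal ships. The following is an added example, not part of the original messages and not Chromium code; the function name and the sample stylesheet are constructed for illustration.

```python
import re

# The two pseudo-classes named in the intent (names match ASCII case-insensitively).
INTERNAL = re.compile(r":(-internal-autofill-(?:previewed|selected))(?![\w-])", re.I)
# Comments and quoted strings are blanked first so text inside them is not counted.
SKIP = re.compile(r"/\*.*?\*/|\"(?:\\.|[^\"\\])*\"|'(?:\\.|[^'\\])*'", re.S)


def _blank(match):
    # Replace everything except newlines so offsets and line numbers stay valid.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_internal_autofill_selectors(css):
    """Return (line, pseudo_class, selector) for each use in a rule's selector."""
    cleaned = SKIP.sub(_blank, css)
    hits = []
    # A selector is the text between the previous '{', '}' or ';' and the next '{'.
    for rule in re.finditer(r"([^{};]+)\{", cleaned):
        # Report the selector from the original text (same offsets as cleaned).
        selector = " ".join(css[rule.start(1):rule.end(1)].split())
        for m in INTERNAL.finditer(rule.group(1)):
            line = cleaned.count("\n", 0, rule.start(1) + m.start()) + 1
            hits.append((line, m.group(1).lower(), selector))
    return hits


# Constructed sample author stylesheet (not taken from any real site).
SAMPLE = '''/* input:-internal-autofill-selected in a comment is ignored */
input:-webkit-autofill { color: black; }
input[type="email"]:-INTERNAL-autofill-previewed,
select:-internal-autofill-selected { outline: 1px solid; }
.note::after { content: ":-internal-autofill-selected"; }
@media screen {
  textarea:-internal-autofill-selected { color: inherit; }
}
'''

if __name__ == "__main__":
    for line, pseudo, selector in find_internal_autofill_selectors(SAMPLE):
        print(f"line {line}: :{pseudo} in selector: {selector}")
```

Rules it reports will stop matching once the pseudo-classes are restricted to UA stylesheets, so the affected fields fall back to the default preview and selected styling.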
