A website may have an <input type="password"> that is dynamically changed to an <input type="text"> when the user clicks on an eye icon to reveal the password.
This means that the text input field now has the user's password which is susceptible to learning for autofill and the Android keyboard.
We should label text track the past state of input field and prevent learning if a field has ever been a password field.
A website may have an <input type="password"> that is dynamically changed to an <input type="text"> when the user clicks on an eye icon to reveal the password.
This means that the text input field now has the user's password which is susceptible to learning for autofill and the Android keyboard.
We should track the past state of input field and prevent learning if a field has ever been a password field.
Comment 1 by battre@chromium.org
, Dec 14 2017