Inability to fully disable autocomplete security issue
Reported by pie...@lgse.com, Nov 11
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36

Steps to reproduce the problem:
1. Attempt to use <Form autocomplete="off"> or <Form autocomplete="new-password">

What is the expected behavior?
Autocomplete for said form is supposed to be turned off completely.

What went wrong?
The fact that we cannot disable autocomplete entirely is a security issue. If multiple users share the same computer with a single profile, other users can use the autofill functionality to log in using another user's stored credentials.

Did this work before? Yes, 66
Does this work in other browsers? N/A
Chrome version: 70.0.3538.77 Channel: stable
OS Version: 10.0
Flash Version:

Please enable the developer to disable autocomplete/autofill entirely.
Nov 12

Nov 12
pierre@ - Thanks for filing the issue! Could you please provide a sample test file or URL to test the issue from the TE end? This will help us in triaging the issue further. Thanks!
Nov 13
@krajshree this issue cannot be replicated with a sample test file, unfortunately. In order for autofill to save the credentials there needs to be some sort of backend infrastructure in place. I can host the page and put a link to it here if that's allowed. Otherwise I don't know how I could proceed to put a valid test case together.
Nov 13
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 13
I added a test case online, hosted on github.io. Go to https://lgse.github.io/chrome-issue-904180/, then enter a fictitious username/password and hit submit; you will then be prompted by Chrome to save the password for future autofill. Go back to the original page https://lgse.github.io/chrome-issue-904180/ and you will see your credentials being autofilled into the form despite the autocomplete="off" attribute on it.

For the record, I've been following this issue for quite some time now and it seems as if Chrome has made it impossible for developers to disable autofill entirely, and this is a security issue, as I stated in my original post. I'm fully aware that it was done to provide a better experience to the end user. In this case, I'm building enterprise-grade applications and the autofilling violates security policies. Please enable the developer to stop autofill behavior entirely.
Nov 13

Nov 13
Tested the issue on Win 10 using the reported Chrome version #70.0.3538.77 and latest Canary #72.0.3608.0. Attached a screencast for reference. Following are the steps followed to reproduce the issue:

1. Navigated to https://lgse.github.io/chrome-issue-904180/
2. Entered a fictitious username/password and hit submit.
3. Saved the password.
4. Navigated back to the original page https://lgse.github.io/chrome-issue-904180/
5. Observed that credentials have been autofilled into the form.

Note: The same behavior is observed from M-60 Chrome builds.

pierre@ - Could you please check the attached screencast and let us know if it is the issue being observed? If not, then please provide a screencast for better understanding of the issue and let us know if anything was missed from our end in reproducing the issue. Thanks!
Nov 13
Yes, that is the problem, @krajshree! Thank you for the screencast.
Nov 13
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 13
Unfortunately, we can't implement this for the reason you mentioned above ("it was done to provide a better experience to the end user"). We are following the Priority of Constituencies here (https://www.w3.org/TR/html-design-principles/#priority-of-constituencies).

What's possible is to use policies to disable the password manager in an enterprise scenario: https://www.chromium.org/administrators/policy-list-3#PasswordManagerEnabled

Maybe that helps to a certain degree. Sorry that I cannot give better news.
Nov 13
This is kind of crazy, that you guys will basically just force down our throats what you think is best without giving any option to turn it off whatsoever. There are valid scenarios where it can and should be turned off. And no, that doesn't help me: how exactly am I supposed to go onto the end user's computer and turn that off? Ugh.
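The PasswordManagerEnabled policy linked in the thread is the only control Chrome offers here, and the last reply asks how it could ever be applied on end users' machines. As an added example (not from the bug thread, the reporter, or the Chromium project), the following PowerShell script sets that policy as a mandatory machine-wide policy through the Windows registry location Chrome reads policy from, and reads it back. It assumes a Windows machine with Chrome installed and an elevated (administrator) PowerShell session; the function names are the example's own. Unlike the autocomplete attribute, which Chrome deliberately ignores for the password manager, a policy set this way is enforced for every profile on the machine, which is the shared-computer case the report describes. It does not remove passwords that were saved before the policy took effect.

```powershell
# Added example (not from the bug thread): disable Chrome's password manager
# by machine policy on Windows. Chrome reads mandatory machine policy from
# HKLM\SOFTWARE\Policies\Google\Chrome; boolean policies are REG_DWORD 0/1.
# Run from an elevated PowerShell session.

$policyKey  = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
$policyName = 'PasswordManagerEnabled'

function Set-ChromePasswordManagerPolicy {
    # Hypothetical helper name for this example.
    param([Parameter(Mandatory)][bool]$Enabled)

    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    $value = if ($Enabled) { 1 } else { 0 }
    New-ItemProperty -Path $policyKey -Name $policyName -Value $value `
        -PropertyType DWord -Force | Out-Null
}

function Get-ChromePasswordManagerPolicy {
    # Returns $null when no policy is set, which means Chrome applies its
    # default (password manager enabled, i.e. the behaviour reported above).
    $item = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [bool]$item.$policyName
}

# Weak state: policy absent, so every user of the shared profile gets autofill
# of whatever credentials were saved last.
"Before: PasswordManagerEnabled policy = $(Get-ChromePasswordManagerPolicy)"

# Hardened state: password manager disabled for all users of this machine.
Set-ChromePasswordManagerPolicy -Enabled $false

# Chrome applies the change on its next policy refresh or restart;
# chrome://policy lists it and has a "Reload policies" button.
"After:  PasswordManagerEnabled policy = $(Get-ChromePasswordManagerPolicy)"
```

For a fleet this is normally pushed by Group Policy using the Chrome ADMX templates rather than a script, but the registry value written is the same one.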
Comment 1 by tkent@chromium.org, Nov 12