From c15a2d76f3805d76e4b546c2b627b28675ba845b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=ABl=20Galeran?= Date: Tue, 21 Oct 2025 22:26:49 +0200 Subject: [PATCH 1/4] feat(suggest) disable autocomplete Closes https://github.com/datenanfragen/website/issues/1167 Set attributes to avoid autocompletion on the form This is to avoid private data to be submitted (e.g. via a Password Manager) --- src/suggest-edit.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/suggest-edit.js b/src/suggest-edit.js index a1eba9ae4..039f6ec69 100644 --- a/src/suggest-edit.js +++ b/src/suggest-edit.js @@ -145,11 +145,23 @@ function renderForm(schema, company_data = undefined) { } } }); + + // Create and render form bf = BrutusinForms.create(schema); bf.render( document.getElementById('suggest-form'), company_data || (PARAMETERS['name'] ? { name: PARAMETERS['name'] } : {}) ); + + // Set attributes to avoid autocompletion on the form + // This is to avoid private data to be submitted (e.g. via a Password Manager) + document.querySelectorAll('.brutusin-form form').forEach((el) => { + el.setAttribute('autocomplete', 'off') + el.setAttribute('data-1p-ignore', 'true') + el.setAttribute('data-lpignore', 'true') + el.setAttribute('data-protonpass-ignore', 'true') + }); + suggestSimilarNamedCompanies(); } From b8edaf85085e0cdb6ec6988aabbc3d1d47292d6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=ABl=20Galeran?= Date: Tue, 21 Oct 2025 20:47:29 +0000 Subject: [PATCH 2/4] formatting for CI check --- src/suggest-edit.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/suggest-edit.js b/src/suggest-edit.js index 039f6ec69..fafca5c17 100644 --- a/src/suggest-edit.js +++ b/src/suggest-edit.js @@ -152,16 +152,16 @@ function renderForm(schema, company_data = undefined) { document.getElementById('suggest-form'), company_data || (PARAMETERS['name'] ? { name: PARAMETERS['name'] } : {}) ); - + // Set attributes to avoid autocompletion on the form // This is to avoid private data to be submitted (e.g. via a Password Manager) document.querySelectorAll('.brutusin-form form').forEach((el) => { - el.setAttribute('autocomplete', 'off') - el.setAttribute('data-1p-ignore', 'true') - el.setAttribute('data-lpignore', 'true') - el.setAttribute('data-protonpass-ignore', 'true') + el.setAttribute('autocomplete', 'off'); + el.setAttribute('data-1p-ignore', 'true'); + el.setAttribute('data-lpignore', 'true'); + el.setAttribute('data-protonpass-ignore', 'true'); }); - + suggestSimilarNamedCompanies(); } From df13b7af4a6208fdf0ac129f51c9b82261aa0943 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=ABl=20Galeran?= Date: Thu, 23 Oct 2025 10:36:36 +0200 Subject: [PATCH 3/4] Update src/suggest-edit.js Co-authored-by: Benjamin Altpeter --- src/suggest-edit.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/suggest-edit.js b/src/suggest-edit.js index fafca5c17..1f84c0145 100644 --- a/src/suggest-edit.js +++ b/src/suggest-edit.js @@ -155,7 +155,7 @@ function renderForm(schema, company_data = undefined) { // Set attributes to avoid autocompletion on the form // This is to avoid private data to be submitted (e.g. via a Password Manager) - document.querySelectorAll('.brutusin-form form').forEach((el) => { + document.querySelectorAll('form.brutusin-form').forEach((el) => { el.setAttribute('autocomplete', 'off'); el.setAttribute('data-1p-ignore', 'true'); el.setAttribute('data-lpignore', 'true'); From 4bbf242544a6835bc9d02789f33c032ca17253c6 Mon Sep 17 00:00:00 2001 From: Benjamin Altpeter Date: Thu, 23 Oct 2025 15:08:23 +0200 Subject: [PATCH 4/4] squash me: set attr on inputs, source comments --- src/suggest-edit.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/suggest-edit.js b/src/suggest-edit.js index 1f84c0145..e399ab077 100644 --- a/src/suggest-edit.js +++ b/src/suggest-edit.js @@ -155,11 +155,16 @@ function renderForm(schema, company_data = undefined) { // Set attributes to avoid autocompletion on the form // This is to avoid private data to be submitted (e.g. via a Password Manager) - document.querySelectorAll('form.brutusin-form').forEach((el) => { + document.querySelectorAll('form.brutusin-form input, form.brutusin-form textarea').forEach((el) => { el.setAttribute('autocomplete', 'off'); - el.setAttribute('data-1p-ignore', 'true'); + // https://developer.1password.com/docs/web/compatible-website-design/#ignore-offers-to-save-or-fill-specific-fields + el.setAttribute('data-1p-ignore', ''); + // https://support.lastpass.com/s/document-item?language=en_US&bundleId=lastpass&topicId=LastPass%2Fc_lp_prevent_fields_from_being_filled_automatically.html&_LANG=enus el.setAttribute('data-lpignore', 'true'); + // https://stackoverflow.com/a/51272839 el.setAttribute('data-protonpass-ignore', 'true'); + // https://github.com/bitwarden/clients/blob/e1415af407fef139fb69126349e5cc6d286f4474/apps/browser/src/autofill/services/collect-autofill-content.service.ts#L884-L889 + el.setAttribute('data-bwignore', 'true'); }); suggestSimilarNamedCompanies();