Post 2.5 upgrade autofill problems
Posted: Sat Dec 20, 2025 6:55 am
Autofill was already a problem in 2.3, but it's worse in 2.5
Now when I create a new post, the "subtitle" gets auto-filled with a username (puzzlingly, not always mine, but that's just browser stupidity, I guess) and the password field gets auto-filled with that username's password.
It's not so bad for me, I can always clear the fields because I know about the problem (although I've been known to forget & the subtitle auto-fill was new in 2.5 so i missed it), but providing endless user support for people who aren't frequent users is a PITA.
I haven't looked at the HTML to see why the subtitle is exciting the browser's attention, but it's pretty obvious why the password field is... Honestly I do not see the need to label this as a type=password field. For a start the risk of over-the-shoulder theft when a solitary blogger creates a solitary blog entry is minuscule. And for next, it just can't be that common that a blog entry, which is kind of by nature a public thing, needs to be individually privatised. And if that *is* a necessity for a minority, OK, but the rest of us shouldn't have to remember to clear out fields that we don't want used. If that password protection is needed it should be a configuration option in settings, for those few who need it. Or make a button "Do you want to add a password to this entry?" so that there's no empty field lying around inviting trouble.
I don't agree that it's a browser issue. That's the environment & it needs to be catered for.
Now when I create a new post, the "subtitle" gets auto-filled with a username (puzzlingly, not always mine, but that's just browser stupidity, I guess) and the password field gets auto-filled with that username's password.
It's not so bad for me, I can always clear the fields because I know about the problem (although I've been known to forget & the subtitle auto-fill was new in 2.5 so i missed it), but providing endless user support for people who aren't frequent users is a PITA.
I haven't looked at the HTML to see why the subtitle is exciting the browser's attention, but it's pretty obvious why the password field is... Honestly I do not see the need to label this as a type=password field. For a start the risk of over-the-shoulder theft when a solitary blogger creates a solitary blog entry is minuscule. And for next, it just can't be that common that a blog entry, which is kind of by nature a public thing, needs to be individually privatised. And if that *is* a necessity for a minority, OK, but the rest of us shouldn't have to remember to clear out fields that we don't want used. If that password protection is needed it should be a configuration option in settings, for those few who need it. Or make a button "Do you want to add a password to this entry?" so that there's no empty field lying around inviting trouble.
I don't agree that it's a browser issue. That's the environment & it needs to be catered for.