为什么我网站上的所有 html 表单都禁用 Internet Explorer 自动完成功能?
当为表单打开 Internet Explorer 自动完成功能时,HTML 表单中每个字段的条目应被缓存,并在用户第二次开始在表单中输入内容时显示为提示。
在我的网站上,该网站上存在的任何表单都不会显示自动完成功能。 但其他网站却毫无问题地保留并提供该内容。
我的网站使用 PHP 作为脚本语言,所有内容均通过 SSL 交付。
When Internet Explorers AutoComplete is turned on for Forms the entries for each field in the HTML form should be cached and displayed as a prompt when the user starts entering content into the form the second time around.
On my website the AutoComplete feature is never displayed for any forms that exist on that site. But yet other websites retain and deliver that content without problem.
My site is using PHP as the scripting language and all content is delivered over SSL.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我已确定问题与发出 start_session() 命令且站点运行 SSL 时 PHP 发送的缓存标头有关。
我联系了 Microsoft IE 安全团队的一个人,他们已经确认 IE 应该是这样工作的。 这是电子邮件中的直接引用。
自动完成系统的一项功能。编写了重要的代码以使其表现出这种方式。”
“这被认为是 php 发出的默认 http 标头是无缓存标头。 这是微软代表的另一句话。
如果安全页面显示“不要缓存我”,则表明该数据是敏感的,因此自动完成数据本身可能是敏感的。 诚然,这是一个简单的启发式方法。 就我个人而言,我认为这有点愚蠢,但它一直存在。
支持“autocomplete=on”来覆盖默认启发式可能是一个很好的建议。
为了重新启用自动完成功能,我必须在 之前在 php 中发出此命令> start_session() 命令:
我确信还有其他方法可以操作标头缓存控件,以允许自动完成功能也发挥作用。
这里是我制作的 3 个示例表单的链接,以便您可以使用 IE 进行测试。
I have determined that the problem is related to the Cache-Headers PHP sends out when the start_session() command is issued and the site is running SSL.
I have been able to get a hold of a person on the IE security team at Microsoft and they have confirmed that this is how IE is supposed to work. Here is a direct quote from the email.
"This is considered a feature of the autocomplete system. Significant code was written to make it behave this way."
When session_start(); is issued the default http headers php sends out are a no-cache header. Here is another quote from the Microsoft representitive.
If a secure page says "Don't cache me", that's an indication that the data is sensitive, and hence the autocomplete data itself is likely sensitive. Admittedly, it is a simple heuristic. Personally, I think it's a bit silly, but it's been there forever.
It's probably a good suggestion to support "autocomplete=on" to override the default heuristic.
In order to re-enable the autoComplete feature I had to issue this command in php before the start_session() command:
I'm sure there are other ways of manipulating the header cache-controls to allow the autoComplete to function as well.
Here is a link to 3 examples forms I made so you can test with IE.
dgavey - 你们的表格是如何提交的? 微软对这个微妙的问题并不太清楚,但是;
为了这个工作!
当然,除非您像每个网站一样喜欢设计自己的表单,非常感谢您,因此您将需要此技巧来使 IE 表现良好。
http://webbugtrack.blogspot.com/ 2007/08/bug-137-ie-autocomplete-hardly-ever.html
指向 知识库文章,其中 MS 解释了这种非常奇怪的行为。
dgavey - how are your forms being submitted? Microsoft isn't overly clear about this subtle issue, but;
for this to work!
Unless of course you are like every site out there that likes to design their own forms thank you very much, and thus you'll need this hack to make IE behave.
http://webbugtrack.blogspot.com/2007/08/bug-137-ie-autocomplete-hardly-ever.html
which points the KB article here, where MS explains this really odd behavior.
您的表单元素中是否有
autocomplete="off"作为属性?Do you have
autocomplete="off"as an attribute in your form elements?使用 SSL 时,IE 中不使用自动完成功能(在您的标签中提到,但在您的问题中没有提到)。
Autocomplete is not used in IE when using SSL (which is mentioned in your tags, but not in your question).