autocomplete方法
对于普通的表单区域 此属性设置为 off,具有阻止浏览器记忆的功能
Setting
autocomplete="off"here has two effects:
- it stops the browser saving field data for later autocompletion on similar forms though heuristics that vary by browser.
- it stops the browser caching form data in session history. When form data is cached in session history, the information the user has filled in will be visible after the user has submitted the form and clicked on the Back button to go back to the original form page.
但是对于登录页面,不行。
The autocomplete attribute and login fieldsEdit
Modern browsers implement integrated password management: when the user enters a username and password for a site, the browser offers to remember it for the user. When the user visits the site again, the browser autofills those login fields with the stored values.
Additionally, the browser enables the user to choose a master password that the browser will use to encrypt stored logins.
Even without a master password, in-browser password management is generally seen as a net gain for security. Since users don't have to remember passwords that the browser stores for them, they are able to choose stronger passwords than they would otherwise.
For this reason, many modern browsers do not support
autocomplete="off"for login fields.
- if a site sets
autocomplete="off"for aform, and the form includes username and password input fields, then the browser will still offer to remember this login, and if the user agrees, the browser will autofill those fields the next time the user visits this page.- if a site sets
autocomplete="off"for username and passwordinputfields, then the browser will still offer to remember this login, and if the user agrees, the browser will autofill those fields the next time the user visits this page.This is the behavior in Firefox (since version 38), Google Chrome (since 34), and Internet Explorer (since version 11).
登录页面规避记忆方法
http://www.cnblogs.com/happyfreelife/p/4240100.html
此博文推荐在 密码框前 添加一个隐藏的 密码框:
<input type="password" style="display: none;">
和ajax提交。
http://blog.csdn.net/nms312/article/details/39050419
此博文推荐在聚焦的时候 才改变输入框类型为password
<input type="text" name="password" onfocus="this.type='password'" autocomplete="off"/>
http://blog.csdn.net/ldevs/article/details/39671813
此博文推荐在提交前将密码框清空, 实际提交的密码使用隐藏的 hidden控件。
此法逻辑上更加自然, 引入一个提交用的隐藏控件, 清空可见控件,并改变可见控制内容为空。 推荐!!
很多浏览器都会记住用户密码,如果偶尔在一台机器上登录系统密码容易被记住,别人能轻松登录,通过以下方法可以轻松防止密码被浏览器记住,被他人非法使用
1、使用随机数生成方式生成一个随机数加上前缀生成一个密码输入框的id
id 如 PWD_12332
<input type="password" id="PWD_12332" />每次都是不同的id做密码框的id
2、实际密码提交的文本框隐藏
<span style="font-size:18px;"><input id="password" name="password" type="hidden" /></span>3、表单提交前将 密码输入框的内容 搬到隐藏的文本框中
4、清空密码输入框,清空密码框后浏览器应该没东西记了。
下一次登录时密码框的id会改变,谁也不知道是什么,浏览器能知道吗,大家可以试试!!!
验证代码
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/jquery.js"></script></head>
<body>
<form action="index.php">
<input type="text" > user
<input type="password"> password
<button type="submit">submit</button>
</form>
<script>
$("[type='submit']").click(function () {
alert($("[type='password']").val())
$("[type='password']").val("") //将密码赋值为 空,则不会触发chrome记忆
alert($("[type='password']").val())//return false
})
</script>
</body>
</html>
不是每次都生效。
验证代码-修改type,完美解决方案
http://stackoverflow.com/questions/32775342/how-to-disable-chromes-saved-password-prompt-setting-through-javascript?answertab=oldest#tab-top
https://github.com/cloudfour/hideShowPassword/issues/1
https://www.bing.com/search?q=type+property+can%27t+be+changed&pc=MOZI&form=MOZSBR
https://developer.mozilla.org/zh-CN/docs/Web/JavaScript/Reference/Statements/try...catch
/*
动态检测浏览器能力,是否支持 input type类型(text和password)互相转换。
*/
function CanTextAndPasswordSwitch_InputType()
{
var pass = document.createElement('input');
pass.type = 'text';
pass.style.display = "none";
document.body.appendChild(pass);
var retVal = true;
try
{
/* IE7 IE8此语句会报js错误,走catch分支 */
pass.type = 'password';
if ( "password" == pass.type )
{
/* console.log(" input type text to password allow! "); */
/* password转换为text类型测试 */
pass.type = 'text';
/* text 和 password 类型可以互转 */
if ( "text" == pass.type )
{
retVal = true;
}
else
{
retVal = false;
}
}
else
{
/* console.log(" input type text to password not allow! "); */
retVal = false;
}
}
catch(e)
{
/* console.log(" input type text to password not allow! exception"); */
retVal = false;
}
document.body.removeChild(pass);
return retVal;
}
<input type="password" name="Frm_Password" id="Frm_Password" autocomplete="off" class="w180"/>
方案:绕开chrome的记忆密码规则,在页面初始化过程中,设置密码框为 text,
当光标落入密码框,再将类型修改为 password。
参考:http://blog.csdn.net/nms312/article/details/39050419 */
if ( CanTextAndPasswordSwitch_InputType() ) {
var passwordObj = document.getElementById("Frm_Password");
passwordObj.type = "text";
passwordObj.onfocus = function () {
this.type = "password";
}
}