Project

rails-hidden_autocomplete

0.0
No release in over a year
rails-hidden_autocompletepodqueue/rails-hidden_autocompleteHomepageDocumentationSource CodeBug TrackerWiki
rails-hidden_autocomplete is a Rails-modifying Rails Engine to inject the autocomplete="off" attribute into all hidden form inputs generated by Rails. This is necessary because Firefox will randomly overwrite the values of hidden inputs without an autocomplete="off" attribute.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
7,010
Stars
5
Forks
1
Watchers
1
 Releases
Current version
0.4.0
Total releases
5
First release
2021-09-19
Latest release
2021-09-22
 Issues
Open Issues
1
Closed Issues
2
Total Issues
3
Issue Closure Rate
66%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2021-09-24
Reverse Dependencies
0

 Dependencies

Development

sqlite3
>= 0
gem-release
>= 0

Runtime

rails
~> 6.1
 Project Readme

rails-hidden_autocomplete

This is a Rails 6.1 plugin to add autocomplete="off" to all hidden form inputs generated by Rails. This is necessary because Firefox has a longstanding bug where it may populate hidden inputs without autocomplete="off" with completely random values. Since Rails uses hidden fields extensively for CSRF protection and non-standard HTTP methods, this issue is also tracked in the main Rails tracker here: add autocomplete="OFF" to firefox-proof automagically added hidden fields like method

You can read the announcement blog post here: https://blog.podqueue.fm/2021/09/19/giving_back_to_rails_with_rails-hidden_autocomplete/

This work has also been refactored into a Rails PR, which has now been merged: rails/rails#43280

NOTE: This behavior is now included by default in Rails 7+.

Usage

Using this plugin from a Rails 6.1 application should automatically override Rails methods which generate hidden form inputs to add an autocomplete="off" attribute.

Installation

Add this line to your application's Gemfile:

gem 'rails-hidden_autocomplete'

And then execute:

$ bundle

Or install it yourself as:

$ gem install rails-hidden_autocomplete

Contributing

If you find a place that still emits hidden form inputs without an autocomplete="off" attribute, please feel free to submit a pull request to cover it.

License

The gem is available as open source under the terms of the MIT License.