rails-hidden_autocomplete
This is a Rails 6.1 plugin to add autocomplete="off"
to all hidden form inputs generated by Rails. This is necessary because Firefox has a longstanding bug where it may populate hidden inputs without autocomplete="off"
with completely random values. Since Rails uses hidden fields extensively for CSRF protection and non-standard HTTP methods, this issue is also tracked in the main Rails tracker here: add autocomplete="OFF" to firefox-proof automagically added hidden fields like method
You can read the announcement blog post here: https://blog.podqueue.fm/2021/09/19/giving_back_to_rails_with_rails-hidden_autocomplete/
This work has also been refactored into a Rails PR, which has now been merged: rails/rails#43280
NOTE: This behavior is now included by default in Rails 7+.
Usage
Using this plugin from a Rails 6.1 application should automatically override Rails methods which generate hidden form inputs to add an autocomplete="off"
attribute.
Installation
Add this line to your application's Gemfile:
gem 'rails-hidden_autocomplete'
And then execute:
$ bundle
Or install it yourself as:
$ gem install rails-hidden_autocomplete
Contributing
If you find a place that still emits hidden form inputs without an autocomplete="off"
attribute, please feel free to submit a pull request to cover it.
License
The gem is available as open source under the terms of the MIT License.