No release in over 3 years
Low commit activity in last 3 years
rails-hidden_autocomplete is a Rails-modifying Rails Engine to inject the autocomplete="off" attribute into all hidden form inputs generated by Rails. This is necessary because Firefox will randomly overwrite the values of hidden inputs without an autocomplete="off" attribute.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

Runtime

~> 6.1
 Project Readme

rails-hidden_autocomplete

This is a Rails 6.1 plugin to add autocomplete="off" to all hidden form inputs generated by Rails. This is necessary because Firefox has a longstanding bug where it may populate hidden inputs without autocomplete="off" with completely random values. Since Rails uses hidden fields extensively for CSRF protection and non-standard HTTP methods, this issue is also tracked in the main Rails tracker here: add autocomplete="OFF" to firefox-proof automagically added hidden fields like method

You can read the announcement blog post here: https://blog.podqueue.fm/2021/09/19/giving_back_to_rails_with_rails-hidden_autocomplete/

This work has also been refactored into a Rails PR, which has now been merged: rails/rails#43280

NOTE: This behavior is now included by default in Rails 7+.

Usage

Using this plugin from a Rails 6.1 application should automatically override Rails methods which generate hidden form inputs to add an autocomplete="off" attribute.

Installation

Add this line to your application's Gemfile:

gem 'rails-hidden_autocomplete'

And then execute:

$ bundle

Or install it yourself as:

$ gem install rails-hidden_autocomplete

Contributing

If you find a place that still emits hidden form inputs without an autocomplete="off" attribute, please feel free to submit a pull request to cover it.

License

The gem is available as open source under the terms of the MIT License.