"Phil Harris" wrote Why not just turn off the auto-completion?
on every browser, everywhere in the world, that might access our site? quite a lot of the traffic we expect to be from internet cafes and other sites where the machines are shared, and poorly maintained... some research turned up a new option for input type=text of "autocomplete". testing here seems to show that it doesn't actually do anything.
one of the customer service people here just pointed out something of a horror problem (a week before go-live, yay).
IE5 appears to have a client-side cache of form entry values - so if someone returns to a page, they get a drop-box of previously entered values for this form field - this occurs even on a form accessed by https. To say that I'm somewhat unimpressed by this utter misfeature is something of an understatement. Imagine a kiosk setup, with a registration screen prompting for (amongst other things) a credit card number. Gee, let's use one someone entered earlier - pull down a little scrolly box.
aiieieieie. One thought that comes to mind is to make the form field name be a name with a random bit on the end. (Another thought that came to mind was to do a drive-by on the local MS office.) Anyway, the reason for the zope-post is that I'm thinking of hacking the field name converting so that you can do fieldname:type:end:anything and just finish looking for the type name after it hits the 'end' tag.
This is a 3 line patch to ZPublisher/HTTPRequest.py - would it offend anyone if it was added?