 diri sendiri dan berbicara okey sesuatu kepercayaan, semua selamat datang saya nak beritahu segalanya yang berlaku jahit jahit saya akan melihat okey jadi saya akan duduk okey jadi saya akan bercakap daripada auto-fuel yang adalah saya akan bercakap tentang detailsator, jadi saya adalah Shawan sejak saya bekerja di bank jadi ini penting jadi apa-apa yang saya katakan tidak mempunyai empu-pembu saya dan saya rasa anda semua berminat dengan perkara ini di mana-mana-mana di browser jadi ia sangat menyenangkan untuk anda memperkenalkan pembentangan pembentangan yang beritahu tentang segala-galanya tentang anda, jadi ini membantu tapi saya tidak akan bercakap bagaimana baik itu ia akan berbual-bual bagaimana saya memperkenalkan jadi di sini dalam kerja saya dan kemudian ada beberapa perkembangan yang berkata pasal tidak sepatutnya ingat atau tidak sepatutnya auto-fuel jadi anda bekerja di bank dan anda memperkenalkan auto-fuel yang orang berjaya jadi bank orang berjaya juga itu bagaimana bank berjaya apa-apa jadi dengan itu kemudian saya pergi ke pembentangan yang terbaik di web semua yang saya perlu lakukan adalah lakukan auto-fuel dan ada beberapa perkara lain seperti auto-fuel tidak tapi semua itu tidak berfungsi tiba-tiba jadi katakan ini adalah pembentangan default katakan saya memperkenalkan dan saya katakan kemudian saya mengatakan kemudian perkara lain adalah auto-fuel dan mari kita pergi ke pembentangan yang terbaik ini ialah pembentangan saya katakan katakan ini anda dapat lihat? jadi saya katakan ini apa yang diperkenalkan oleh Mozilla jadi betul? iya apa yang dikatakan adalah jika anda memberikan percaya bahawa itu salah dia tidak lihat Firefox ini auto-fuel pembentangan oleh Mozilla tidak menggunakan pembentangan mereka ini pembentangan yang terbaik apa? mereka benar-benar memperkenalkan iya saya rasa itu bukan itu tidak dikatakan iya, mereka tidak memperkenalkan bila itu? nahh terakhir jadi itu tidak berfungsi dan anda dapat melihatnya online dan orang akan berkata pembentangan ini penting dan bank dan institusi ini membuat ini untuk pembentangan jadi itu sebabnya pembentangan browser tidak membuat anda mengambil iya sebabnya pembentangan oleh pembentangan browser tidak adalah pembentangan yang terbaik untuk mempunyai orang yang lebih serius daripada ia adalah Autofill kerana masa ini dibuat dan CCTV dapat mengambil hei, ia hanya berlaku untuk kembali iya jadi iya, itu saya dan ada orang yang sangat baik membuat pembentangan mereka pada Giz jadi anda dapat mencoba pembentangan ini tapi saya akan beritahu anda, ia tidak berfungsi kerana pembentangan berkembang dan mereka dapat beritahu bahawa jika anda menyebabkan pembentangan atau pembentangan saya tidak tahu tentang kecuali sehingga pembentangan itu berkembang ia masih Autofill saya boleh membuatkan kenapa ia sebenarnya membuat pembentangan ini di tempat yang pertama kenapa ia membuatnya menerima jadi membuatnya memlukan pembentangan untuk mengutulkan pembentangan itu tapi bukan nama nama kebentangan itu tidak penting kerana saya katakan anda membangkirkan rakyat mencari kadang-kadang pembentangan itu tidak mempunyai nama sesuatu macam mungkin anda membuat anglular, n.g model saya rasa bagaimana pembentangan itu mengakimati Jadi, kita tidak mengikuti e-mails. Tidak, tidak penting. Jadi jika nama adalah bin, P-P-I-N, P-P, atau apa-apa pun, sejauh-jauh, sejauh-jauh ini adalah kombinasi dari teks dan pasal, atau sejujurnya, pasal hanya akan lakukan, kemudian browser akan cuba mempercayai. Ya. Jadi, seperti, peringatan yang tersebut tidak mempercayai pasal untuk menjadi selamat, kan? Sejujurnya sudah selamat. Dan kemudian sekarang anda mahu menghentikan. Untuk mempercayai. Kemudian ini adalah keputusan untuk mengambil keadaan itu. Jadi, kita mengambil kedua-duanya. Dan saya akan tunjukkan kepada anda yang adalah hidup. Saya tidak mempercayai. Ya. Chrome tidak mempercayai. Saya ingat sebuah browser tidak mempercayai. Mari kita lihat. Tersenang-senang. Ada sesuatu yang digunakan? Hei! Kenapa tidak mempercayai? Baik lagi. Saya tidak tahu kenapa. Jadi, anda mempercayai sebuah peringatan yang digunakan untuk mempercayai sebelum keadaan yang sebenar, kan? Ya. Jadi, ya. Anda mengambil kedua-duanya keadaan dan keadaan. Jadi, kami akan mempercayai kedua-duanya. Bagaimana dengan Safari? Ia tidak mempercayai sekarang. Bagaimana? Ia mempercayai server anda? Ia... Ia mempercayai. Tidak. Ia adalah sebuah peringatan yang digunakan. Jadi, saya dapat menunjukkan perjalanan anda. Itu sebuah peringatan. Ia bukan peringatan kita. Ia hanya sebuah peringatan Python Http. Baiklah. Saya akan mempercayai. Bagaimana dengan untuk mempercayai sebuah peringatan? Hei? Ia mempercayai. Ia mempercayai sebuah peringatan. Ia mempercayai. Itu sesuatu yang terlalu menarik. Bagaimana denganite?μαι percayai sekarang! Ia mempercayai. Saya akan mempercayai. Bagaimana dengan untuk mempercayai? Ia mempercayai pengisi jaringan. Ia mempercayai. Ya, so this one is a trick. Is that a standard framework? Apparently this only works for Chrome. I think if you use this, then Safari will try to fill in. I can't remember but only Chrome recognize it. New password? Ya. Okay, so what about the other browser? The other browser doesn't. Okay. Okay, so now we fix the problem. Okay, this is me with browser. Okay, so we just confuse the browser already. But then you can see this, right? Okay, so like all this. It's a no-no. Ya, everybody wants to say the problem. Also you don't want to even trigger the pop-up. Ya. Is that even possible? Well, possible. Tolong jelaskan juga. Mungkin anda boleh menghubungi pop-up. Okay, so usually this kind of case, we will talk to the boss, right? It's not a problem, right? It's not auto-filling. People are not getting their password auto-filling. No. Okay, doesn't need me to help you Google. I'm just like going to go through my day more. So the first solution was suggesting that let me focus back on the first solution. So it says that you should set read-only to your field to confuse browser again. Then when you focus, then you remove it. How do you have a focus event in something that's free? We only can be focused. So that the screen reader when they tap through, then it will still read it out. Okay, this is what? Kind of. Are you resetting the read-only upload? No, doesn't need to. I tried resetting it, it's the same. Same issue. So on focus, this is the remove attribute. Read-only. Do you need to cap the case O? No. Is this your JavaScript? No, it's HTML. It doesn't matter. Trust the man that works in the back. He trust to pay. Local host. This is recorded. There's no password. It's just this. Testing, testing. Okay, it doesn't work for Chrome. It's showing this. I think I haven't finished the solution. You have to do things like... The type has to be button. So it's not going to submit a form? On click. Technically you are not going to submit a form. You have to use Ajax to submit. Oh no. If you put a button in a form, it will submit a form by default. It becomes a submit. So browser would detect that a form is submitted. Then it would try to save. So we have to do... Let's say you are going to do it with Ajax. I'm just going to redirect. Next.html. Like this. Then you will work. This solution is not going to work for Chrome. Just like this is showing. It would try to remember whenever you type something. So before you submit it, it's going to do something? So... So it's not prompting. Then Safari would still be trying to save. So the first solution doesn't work. Then let's try this. So essentially it's saying that you should set your password feel to be text. And then mask it with the disk. So... I think just do this. I need to do like copy paste. Installed. So the type has to be text. Ya. Data. Equal to password. For styling. Not finished, not finished. We need a render specific check. Ya. But what to do? Because it comes in as a regulation consideration. So you need this. Else Firefox will not work. Firefox will be showing your password in plain test. Oh. So you need to do this. So in plain test. Ya. There are solutions around it as well. People say that you track whatever people is typing in in memory instead of flipping. But then you have to track where is the cursor. When they delete. It's too troublesome for me. There will be even more tedious. But you create a box with key press events and write key press events. How do you track the cursor? Key press events. Ya, see you track. No, say somebody click outside and click in again. Ya. Where is your cursor? I'm just trying to think how you could possibly pass what you could do. It will be like a few thousand lines of code trying to do this kind of. The man works in a pen. He's already thought about this. Okay, let's try in Chrome and see whether it's still sharing that. Key. Oh, it's not. So we managed to track Chrome. Just try that it's sharing the digs. But apparently Safari still have the problem. So what I suspect about Safari is that the moment that you put anything into something that looks at password field I think even if you set it to content-additable then you style it with the digs, it will think that you're typing a password. And the moment that you redirect from one page to the other then it will pop. So I still haven't got a solution for Safari. There are some banks that locally they managed to get around this because they are signing page redirect to the same page. So if you post it to the same page then it's not going to prompt. And then the whole page is the whole PENGING website is iFrame. So there's no redirection and that's how they managed to get around it. Do you have to test with password managers like one password or the last password? I do have the last password installed. I think what they are looking at is as long as you type something in the password field then they will prompt. Because they don't have the luxury to access the underlying interfaces. So you don't think they managed to know about such things? No. Is this solution for you Jawa Secret Manager? Like I said, how do you track the cursor? It's not about tricking cursor. It's more like I think if I do it right now I'll probably do something like that. When the user inputs you actually not submitting the data protein. You actually will make the words so I'll convert in the password form. And then when you submit that it doesn't work. It doesn't work. But still you have an input password unless the whole thing is like fake. IE 9 Why? Because sometimes IE doesn't really recognize the attributes. Okey. We only need to support IE 11. We can just style the attribute. So I thank you. So now we just submit your solution to the old browser as a bug. No. There's already a bug there and there's even a W3C discussion that they decided to ignore the auto-complete-off thing. Like I said just now it's more serious than typing out password in the public than in the auto field. They think the user doesn't know how to make the choice. So this is the thing that auto field was brought in for the good reason of letting you auto-fill things. And you can turn it off if it was a password. So turning a new password you've got the horrible pattern where you set a password once and twice. Maybe you don't want to remember that one because that's just setting a password that's not actually entering it. So the reason that auto-fill was brought in was for that particular service. To separate feature, auto-fill is for form auto-filling. Then this password saving is another feature. But it was all to do with password-saving. The reason auto-fill was meant to contain an earlier build of even Metscape I think you had to use a profile and you could put your name and address and try to find stuff on the field and fill it out for you. So far it does this pretty well and it runs for quite well. So that's the goal of the browsers. And the idea of the auto-fill is that this particular field don't prompt me for my name just because it says name. So you might be filling something where it doesn't want your name but just wants a name. That's when you want to turn on a fill-off. So that's the intent behind the spec. But because it's been so badly abused by fakes that basically said and for security's sake letting people not have to remember passwords and type them out. But they are like finding people keep repeating their passwords. So one of the good thing about password manager is that even for Safari and I don't know about Chrome they will give you the option to generate a new password when you sign up for something. Then that is how you increase the security of your accounts. You are using a different password. So it's less likely that people can steal your password because you don't even know your password. But this is exactly what the browser is fighting against what you're trying to do so they can have proper password with security. Why banks insist on bad security? I don't know. It's a regulation. Congratulation, proven by bad security. Okay. It's a conclusion. Is this where you renounce about it or something? But the conclusion is that all these are catching out game, right? You can't really always win the browser because you are just like one person whereas for the browser vendors their whole team to study, they even control how browser works. Okay. The methods that I show today might not even... Maybe tomorrow they will patch it. Question on that. I'm sure this argument is being made but the people pushing for this surely they realise they are going to be losing sign. No. They could be people who are not tax heavy. They just know about business requirements. I'm sorry, every time it breaks to the stupid tech people can't even fix my password thing for me. Do you want to make it hard to try and defeat last pass as well? Yeah, that's what I was asking about password managers because they are really good at circumventing stuff like this. DBS prevents one password working because it disabled other things. Actually, the worst thing when banks launch in your frame and you don't have your browser Chrome so you can't invoke anything release. I think last pass work pretty well for me like it will always show the icon there. Yeah. I think last pass if you're in a journal you can save it as well. So I should be using last pass instead of one password. Too late. Thank you. I have no idea how to fix it.