From af043ee31b7c9fccb12dceb8a3625a9d0f5c9d24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20E=C3=9Fl?= <indy.essl@gmail.com>
Date: Tue, 15 Oct 2019 14:09:24 +0200
Subject: [PATCH] [BUGFIX] Disable browser autofill feature for the honeypot
 field
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use the form element name for the autocomplete html attribute
for honeypot fields to prevent browsers "autofill" feature
to fill the honeypot field.

Resolves: #89420
Releases: master, 9.5
Change-Id: Ifee039477e1070043fdd0007340a95799dac5b6f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62000
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Björn Jacob <bjoern.jacob@tritum.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Ralf Zimmermann <ralf.zimmermann@tritum.de>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Björn Jacob <bjoern.jacob@tritum.de>
Reviewed-by: Ralf Zimmermann <ralf.zimmermann@tritum.de>
---
 .../form/Resources/Private/Frontend/Partials/Honeypot.html    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/typo3/sysext/form/Resources/Private/Frontend/Partials/Honeypot.html b/typo3/sysext/form/Resources/Private/Frontend/Partials/Honeypot.html
index cc9a1c7ac322..c1bbf541c72e 100644
--- a/typo3/sysext/form/Resources/Private/Frontend/Partials/Honeypot.html
+++ b/typo3/sysext/form/Resources/Private/Frontend/Partials/Honeypot.html
@@ -1,10 +1,10 @@
 <html xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers" xmlns:formvh="http://typo3.org/ns/TYPO3/CMS/Form/ViewHelpers" data-namespace-typo3-fluid="true">
 <f:if condition="{element.properties.renderAsHiddenField}">
     <f:then>
-        <f:form.hidden property="{element.identifier}" id="{element.uniqueIdentifier}" additionalAttributes="{autocomplete: 'off'}" />
+        <f:form.hidden property="{element.identifier}" id="{element.uniqueIdentifier}" additionalAttributes="{autocomplete: element.identifier}" />
     </f:then>
     <f:else>
-        <f:form.textfield property="{element.identifier}" id="{element.uniqueIdentifier}" class="{element.properties.elementClassAttribute}" additionalAttributes="{autocomplete: 'off', aria-hidden: 'true'}" tabindex="-1" style="{element.properties.styleAttribute}" />
+        <f:form.textfield property="{element.identifier}" id="{element.uniqueIdentifier}" class="{element.properties.elementClassAttribute}" additionalAttributes="{autocomplete: element.identifier, aria-hidden: 'true'}" tabindex="-1" style="{element.properties.styleAttribute}" />
     </f:else>
 </f:if>
 </html>
-- 
GitLab