So far we only use this attribute to ignore new password fields since this is what was reliably implemented on the web previously.
It is likely that enough websites now use this attribute correctly, rather than maliciously, and we therefore want to try using this DOM information in our heuristics.
We can treat any text field as a high match for the following, in order of priority (match score):
username
email
name
Password fields can match "current-password".
If a field has one of these values, we can also treat its form as valid for consideration, even if it would otherwise be ignored (for example, this would help where a sign-in form doesn't show a password field initially). In this situation, we will consider only "username" and "email", to reduce the number of false positives from other, more general-purpose data-gathering forms.
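A sketch of the heuristic described above, as an added example rather than the project's own code. The function names, the numeric scores, the plain-object field shape and the baseline rule that a form needs a usable password field are all assumptions made for illustration.

```javascript
// Added example: hypothetical names and scores, not the project's implementation.
// Fields are plain objects ({ type, autocomplete }) so the logic runs without a DOM.
const TEXT_PRIORITY = ["username", "email", "name"]; // highest match score first
const FORM_QUALIFIERS = new Set(["username", "email"]); // "name" is too general to qualify a form

// The attribute can carry several space-separated tokens, e.g. "section-login username".
function tokens(field) {
  return (field.autocomplete || "").toLowerCase().split(/\s+/).filter(Boolean);
}

// Returns { ignore, score }; the 100/90/80 scale is an assumed scoring scheme.
function scoreField(field) {
  const t = tokens(field);
  if (field.type === "password") {
    // Existing behaviour: new-password fields are ignored entirely.
    if (t.includes("new-password")) return { ignore: true, score: 0 };
    return { ignore: false, score: t.includes("current-password") ? 100 : 0 };
  }
  // Any non-password field is treated as a text field here (assumption).
  for (let i = 0; i < TEXT_PRIORITY.length; i++) {
    if (t.includes(TEXT_PRIORITY[i])) return { ignore: false, score: 100 - i * 10 };
  }
  return { ignore: false, score: 0 };
}

// Assumed baseline: a form is considered only if it has a usable password field.
// New rule: a "username" or "email" field also makes the form eligible.
function isFormEligible(fields) {
  const usable = fields.filter((f) => !scoreField(f).ignore);
  if (usable.some((f) => f.type === "password")) return true;
  return usable.some(
    (f) => f.type !== "password" && tokens(f).some((tok) => FORM_QUALIFIERS.has(tok))
  );
}

// Constructed sample forms (not taken from any real site).
const usernameFirstSignIn = [{ type: "text", autocomplete: "section-login username" }];
const contactForm = [
  { type: "text", autocomplete: "name" },
  { type: "tel", autocomplete: "tel" },
];
const registration = [
  { type: "text", autocomplete: "name" },
  { type: "password", autocomplete: "new-password" },
];

console.log(isFormEligible(usernameFirstSignIn)); // username alone qualifies the form
console.log(isFormEligible(contactForm)); // "name" alone does not
console.log(isFormEligible(registration)); // new-password is ignored, "name" does not qualify
```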