Autocomplete Always On!


Screenshot of Safari AutoFill preference panel

What this program does

Patches WebCore (SafariÕs HTML engine) to ignore the ÒautocompleteÓ flag (a non-standard HTML extension of IE) used by some banks and other web sites to disable a browserÕs AutoFill feature on certain pages.

Note: Please be sure you have the ÒUser names and passwordsÓ checkbox selected in the AutoFill Safari preference pane, otherwise it wonÕt make any difference whether you apply this patch or not!

About security

While the Òautocomplete=offÓ gimmick might increase security for a malware infested OS like Windoze, the opposite is true for a secure OS like MacOS X. Use of this flag is actually a security risk for the Mac user because it encourages users to use weak passwords, or to save them on disk as a plaintext file. Passwords are far more secure sitting encrypted in the MacÕs Keychain (which Safari uses to store this kind of information). If you donÕt have to remember and type in the password manually, you are far more likely to use a strong password.

Open source

Autocomplete Always On! is open source. ItÕs an AppleScript Application and is not saved as ÒRun OnlyÓ, so all you have to do is drop it on top of AppleÕs Script Editor app (in Applications -> AppleScript) to see its source code.

Theory of operation

Only two bytes are changed in the WebCore file. There are two instances of the word ÒautocompleteÓ in the WebCore file which are surrounded by null characters. One consists of all lower-case characters, the other of all upper-case characters. In both instances we change the ÒAÓ character to a lower-case ÒxÓ. This effectively disables checking for the Òautocomplete=offÓ flag, so the flag is ignored. We use a one-line perl search-and-replace call to make the patch (and create a backup, if requested), so this program is not dependent on a particular build of WebCore (i.e. we do not assume an absolute location of the bytes to be changed).

Before applying the patch, we first check for the ÒautocompleteÓ markers, and exit if none are found. This makes it safe for the user to run this program on a previously patched WebCore. This also prevents over-writing the backup file with a copy of the patched WebCore file. If WebCore is unpatched, the user is offered the option to create a backup of the WebCore file. Since it is unlikely the user will want to revert from this patch, since there is little which can go wrong in the patching process, and since the WebCore file is in a hard to reach location in the bowels of the system, creating a backup is not the default.

If Safari is active while WebCore is patched, Safari will likely not notice the changes until it is restarted. Therefore a check is made to see if Safari is active and, if it is, an offer is made to restart it.

Compatibility

This program was designed for Tiger (MacOS X 10.4), but will probably work for later versions if Apple doesnÕt change the location or format of the WebCore file (and if Apple does, this program will refuse to patch the file, so it should be safe to try). HasnÕt been tested with earlier OS versions, but may work (Panther may require full pathnames in the do shell script calls, however).

Requirements

Requires perl, which is installed as part of the BSD system.

Copyright and Warranty Disclaimer

Written by Michael Kisor. All rights reserved. Copyright © 2006 by Michael Kisor. Use at your own risk.

This program is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Download Now


Visit: A Guide to “Things Macintosh” on the Net...

This page was last updated on 8-April-2006