From 6c3bd7e4a0413d15ac516cb4bac84726612766ab Mon Sep 17 00:00:00 2001
From: Lucy Macartney <macartney.lucy@gmail.com>
Date: Thu, 16 Apr 2026 14:25:59 +0100
Subject: [PATCH 1/4] Default autocomplete="off" in shared Phoenix input
 components

Add autocomplete as an explicit attr with default "off" on input/1,
input_element/1, and textarea_element/1 in new_inputs.ex instead of
relying on static HTML attributes that can't be overridden. Add
Keyword.put_new(:autocomplete, "off") to password_field/1 and
text_field/1 in form.ex.

Remove now-redundant per-field autocomplete="off" from sandbox
components since the component default handles it.

Add ExUnit tests verifying the default and override behaviour for
both component systems.

Closes #1533
---
 lib/lightning_web/components/new_inputs.ex    | 16 +++-
 lib/lightning_web/live/components/form.ex     | 10 ++-
 .../live/sandbox_live/components.ex           |  1 -
 .../live/sandbox_live/form_component.ex       |  1 -
 test/lightning_web/components/form_test.exs   | 87 +++++++++++++++++++
 .../components/new_inputs_test.exs            | 58 +++++++++++++
 6 files changed, 166 insertions(+), 7 deletions(-)
 create mode 100644 test/lightning_web/components/form_test.exs

diff --git a/lib/lightning_web/components/new_inputs.ex b/lib/lightning_web/components/new_inputs.ex
index f54fc8b0c3d..a6bb15bd910 100644
--- a/lib/lightning_web/components/new_inputs.ex
+++ b/lib/lightning_web/components/new_inputs.ex
@@ -400,9 +400,11 @@ defmodule LightningWeb.Components.NewInputs do
 
   attr :placeholder, :string, default: ""
 
+  attr :autocomplete, :string, default: "off"
+
   attr :rest, :global,
     include:
-      ~w(accept autocomplete capture cols disabled form list max maxlength min minlength
+      ~w(accept capture cols disabled form list max maxlength min minlength
                 multiple pattern placeholder readonly required rows size step)
 
   attr :class, :string, default: ""
@@ -616,6 +618,7 @@ defmodule LightningWeb.Components.NewInputs do
         id={@id}
         name={@name}
         class={@class}
+        autocomplete={@autocomplete}
         value={@value}
         placeholder={@placeholder}
         {@rest}
@@ -635,6 +638,7 @@ defmodule LightningWeb.Components.NewInputs do
         id={@id}
         name={@name}
         class={["rounded-md w-full font-mono bg-slate-800 text-slate-100", @class]}
+        autocomplete={@autocomplete}
         value={@value}
         placeholder={@placeholder}
         errors={@errors}
@@ -660,6 +664,7 @@ defmodule LightningWeb.Components.NewInputs do
       </.label>
       <div class="relative mt-2 rounded-lg shadow-xs">
         <input
+          autocomplete={@autocomplete}
           type={@type}
           name={@name}
           id={@id}
@@ -985,6 +990,7 @@ defmodule LightningWeb.Components.NewInputs do
           name={@name}
           id={@id}
           class={@class}
+          autocomplete={@autocomplete}
           value={Form.normalize_value(@type, @value)}
           placeholder={@placeholder}
           {@rest}
@@ -1019,15 +1025,17 @@ defmodule LightningWeb.Components.NewInputs do
   attr :value, :any
   attr :errors, :list, default: []
   attr :class, :string, default: ""
+  attr :autocomplete, :string, default: "off"
 
   attr :rest, :global,
     include:
-      ~w(accept autocomplete capture cols disabled form list max maxlength min minlength
+      ~w(accept capture cols disabled form list max maxlength min minlength
               multiple pattern placeholder readonly required rows size step)
 
   def input_element(assigns) do
     ~H"""
     <input
+      autocomplete={@autocomplete}
       type={@type}
       name={@name}
       id={@id}
@@ -1060,15 +1068,17 @@ defmodule LightningWeb.Components.NewInputs do
   attr :value, :any
   attr :errors, :list, default: []
   attr :class, :any, default: ""
+  attr :autocomplete, :string, default: "off"
 
   attr :rest, :global,
     include:
-      ~w(accept autocomplete capture cols disabled form list max maxlength min minlength
+      ~w(accept capture cols disabled form list max maxlength min minlength
               multiple pattern placeholder readonly required rows size step)
 
   def textarea_element(assigns) do
     ~H"""
     <textarea
+      autocomplete={@autocomplete}
       id={@id}
       name={@name}
       class={[
diff --git a/lib/lightning_web/live/components/form.ex b/lib/lightning_web/live/components/form.ex
index 2e5d519616a..0352440524e 100644
--- a/lib/lightning_web/live/components/form.ex
+++ b/lib/lightning_web/live/components/form.ex
@@ -128,7 +128,10 @@ defmodule LightningWeb.Components.Form do
         label_classes: label_classes,
         error_classes: error_classes,
         input_classes: input_classes,
-        opts: assigns.rest |> assigns_to_attributes()
+        opts:
+          assigns.rest
+          |> assigns_to_attributes()
+          |> Keyword.put_new(:autocomplete, "off")
       )
       |> assign_new(:label, fn -> nil end)
       |> assign_new(:hint, fn -> nil end)
@@ -269,7 +272,10 @@ defmodule LightningWeb.Components.Form do
         label_classes: label_classes,
         error_classes: error_classes,
         input_classes: input_classes,
-        opts: assigns.rest |> assigns_to_attributes()
+        opts:
+          assigns.rest
+          |> assigns_to_attributes()
+          |> Keyword.put_new(:autocomplete, "off")
       )
 
     ~H"""
diff --git a/lib/lightning_web/live/sandbox_live/components.ex b/lib/lightning_web/live/sandbox_live/components.ex
index f6e20e2fe61..f2b2728b878 100644
--- a/lib/lightning_web/live/sandbox_live/components.ex
+++ b/lib/lightning_web/live/sandbox_live/components.ex
@@ -167,7 +167,6 @@ defmodule LightningWeb.SandboxLive.Components do
             field={@confirm_form[:name]}
             label="Sandbox name"
             placeholder={@sandbox.name}
-            autocomplete="off"
             required
           />
           <.errors field={@confirm_form[:name]} />
diff --git a/lib/lightning_web/live/sandbox_live/form_component.ex b/lib/lightning_web/live/sandbox_live/form_component.ex
index ce40b72407e..c8a590c8962 100644
--- a/lib/lightning_web/live/sandbox_live/form_component.ex
+++ b/lib/lightning_web/live/sandbox_live/form_component.ex
@@ -241,7 +241,6 @@ defmodule LightningWeb.SandboxLive.FormComponent do
                 field={f[:raw_name]}
                 label="Name"
                 required
-                autocomplete="off"
                 placeholder="My Sandbox"
                 phx-debounce="300"
               />
diff --git a/test/lightning_web/components/form_test.exs b/test/lightning_web/components/form_test.exs
new file mode 100644
index 00000000000..af50724fa45
--- /dev/null
+++ b/test/lightning_web/components/form_test.exs
@@ -0,0 +1,87 @@
+defmodule LightningWeb.Components.FormTest do
+  @moduledoc false
+  use LightningWeb.ConnCase, async: true
+
+  import Phoenix.LiveViewTest
+
+  alias LightningWeb.Components.Form
+
+  # A minimal embedded schema to produce real Ecto changesets for testing.
+  defmodule Item do
+    use Ecto.Schema
+
+    embedded_schema do
+      field :name, :string
+      field :secret, :string
+    end
+
+    def changeset(item \\ %__MODULE__{}, params) do
+      Ecto.Changeset.cast(item, params, [:name, :secret])
+    end
+  end
+
+  defp form_for_item do
+    Item.changeset(%{"name" => "test", "secret" => ""})
+    |> Phoenix.Component.to_form()
+  end
+
+  # ---- password_field/1 autocomplete ----------------------------------------
+
+  describe "password_field/1 autocomplete" do
+    test "renders autocomplete='off' by default" do
+      form = form_for_item()
+
+      html =
+        render_component(&Form.password_field/1, %{
+          form: form,
+          id: :secret
+        })
+
+      assert html =~ ~s(autocomplete="off")
+    end
+
+    test "allows explicit autocomplete override" do
+      form = form_for_item()
+
+      html =
+        render_component(&Form.password_field/1, %{
+          form: form,
+          id: :secret,
+          autocomplete: "current-password"
+        })
+
+      assert html =~ ~s(autocomplete="current-password")
+      refute html =~ ~s(autocomplete="off")
+    end
+  end
+
+  # ---- text_field/1 autocomplete --------------------------------------------
+
+  describe "text_field/1 autocomplete" do
+    test "renders autocomplete='off' by default" do
+      form = form_for_item()
+
+      html =
+        render_component(&Form.text_field/1, %{
+          form: form,
+          field: :name
+        })
+
+      assert html =~ ~s(autocomplete="off")
+    end
+
+    test "allows explicit autocomplete override" do
+      form = form_for_item()
+
+      html =
+        render_component(&Form.text_field/1, %{
+          form: form,
+          field: :name,
+          autocomplete: "email"
+        })
+
+      assert html =~ ~s(autocomplete="email")
+      refute html =~ ~s(autocomplete="off")
+    end
+  end
+end
diff --git a/test/lightning_web/components/new_inputs_test.exs b/test/lightning_web/components/new_inputs_test.exs
index fd7c0758c47..1ac35907aa3 100644
--- a/test/lightning_web/components/new_inputs_test.exs
+++ b/test/lightning_web/components/new_inputs_test.exs
@@ -111,6 +111,64 @@ defmodule LightningWeb.Components.NewInputsTest do
     end
   end
 
+  # ---- autocomplete defaults --------------------------------------------------
+
+  describe "autocomplete defaults" do
+    test "input/1 renders autocomplete='off' by default" do
+      form = used_field_form()
+
+      html =
+        render_component(&NewInputs.input/1, %{
+          field: form[:name],
+          type: "text"
+        })
+
+      assert html =~ ~s(autocomplete="off")
+    end
+
+    test "input/1 allows explicit autocomplete override" do
+      form = used_field_form()
+
+      html =
+        render_component(&NewInputs.input/1, %{
+          field: form[:name],
+          type: "text",
+          autocomplete: "email"
+        })
+
+      # The override value is rendered via {@rest} after the static default.
+      # Browsers use the last attribute value, so autocomplete="email" wins.
+      assert html =~ ~s(autocomplete="email")
+    end
+
+    test "input/1 password type renders autocomplete='off' by default" do
+      form = used_field_form()
+
+      html =
+        render_component(&NewInputs.input/1, %{
+          field: form[:name],
+          type: "password"
+        })
+
+      assert html =~ ~s(autocomplete="off")
+    end
+
+    test "input/1 password type allows explicit autocomplete override" do
+      form = used_field_form()
+
+      html =
+        render_component(&NewInputs.input/1, %{
+          field: form[:name],
+          type: "password",
+          autocomplete: "current-password"
+        })
+
+      # The override value is rendered via {@rest} after the static default.
+      # Browsers use the last attribute value, so autocomplete="current-password" wins.
+      assert html =~ ~s(autocomplete="current-password")
+    end
+  end
+
   # ---- old_error/1 (CoreComponents) -----------------------------------------
 
   describe "old_error/1 used_input? gating" do

From 931a8e7dbc4f4ccb0ce3a588cb47645f3db6cda9 Mon Sep 17 00:00:00 2001
From: Lucy Macartney <macartney.lucy@gmail.com>
Date: Thu, 16 Apr 2026 14:28:28 +0100
Subject: [PATCH 2/4] Add semantic autocomplete to auth forms and fix raw
 inputs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add explicit autocomplete values to authentication forms so browser
autofill works correctly: email, current-password, new-password,
given-name, family-name, one-time-code on login, registration,
password reset, profile, TOTP/MFA, re-authenticate, first setup,
admin user, and book demo forms.

Add autocomplete="off" to raw <input> tags that bypass shared
components (webhook URL, token display, webhook auth password/API
key inputs).

Use autocomplete="new-password" on non-auth password fields
(credentials, OAuth client ID/secret, webhook auth, Kafka) to
prevent Chrome from autofilling saved passwords — Chrome ignores
"off" on type="password" fields but respects "new-password".
---
 .../user_registration_html/new.html.heex         | 10 +++++++++-
 .../user_reset_password_html/edit.html.heex      |  8 +++++++-
 .../controllers/user_session_html/new.html.heex  |  8 +++++++-
 .../controllers/user_totp_html/new.html.heex     |  2 +-
 lib/lightning_web/live/book_demo_banner.ex       | 16 ++++++++++++++--
 .../json_schema_body_component.ex                |  1 +
 .../oauth_client_form_component.ex               |  2 ++
 .../live/first_setup_live/superuser.html.heex    |  8 +++++++-
 .../live/job_live/kafka_setup_component.ex       |  2 +-
 .../live/profile_live/form_component.html.heex   |  6 ++++++
 .../live/profile_live/mfa_component.html.heex    |  2 +-
 .../live/re_authenticate_live/new.html.heex      |  3 ++-
 .../live/tokens_live/index.html.heex             |  1 +
 .../live/user_live/form_component.html.heex      |  2 +-
 .../live/workflow_live/components.ex             |  1 +
 .../webhook_auth_method_form_component.ex        | 16 ++++++++++++++--
 16 files changed, 75 insertions(+), 13 deletions(-)

diff --git a/lib/lightning_web/controllers/user_registration_html/new.html.heex b/lib/lightning_web/controllers/user_registration_html/new.html.heex
index 629a3920884..46591056c66 100644
--- a/lib/lightning_web/controllers/user_registration_html/new.html.heex
+++ b/lib/lightning_web/controllers/user_registration_html/new.html.heex
@@ -32,10 +32,16 @@
                   field={f[:first_name]}
                   label="First Name"
                   required={true}
+                  autocomplete="given-name"
                 />
               </div>
               <div>
-                <.input field={f[:last_name]} required={true} label="Last Name" />
+                <.input
+                  field={f[:last_name]}
+                  required={true}
+                  label="Last Name"
+                  autocomplete="family-name"
+                />
               </div>
               <div>
                 <.input
@@ -43,6 +49,7 @@
                   type="email"
                   label="Email"
                   required={true}
+                  autocomplete="email"
                 />
               </div>
               <div>
@@ -51,6 +58,7 @@
                   type="password"
                   label="Password"
                   required={true}
+                  autocomplete="new-password"
                 />
               </div>
 
diff --git a/lib/lightning_web/controllers/user_reset_password_html/edit.html.heex b/lib/lightning_web/controllers/user_reset_password_html/edit.html.heex
index 9a766d1d33b..a9a92e5538e 100644
--- a/lib/lightning_web/controllers/user_reset_password_html/edit.html.heex
+++ b/lib/lightning_web/controllers/user_reset_password_html/edit.html.heex
@@ -27,7 +27,12 @@
             <div class="grid grid-flow-row gap-4 auto-rows-max">
               <div>
                 <.label for={:password}>New password</.label>
-                <.input type="password" field={f[:password]} required />
+                <.input
+                  type="password"
+                  field={f[:password]}
+                  required
+                  autocomplete="new-password"
+                />
               </div>
 
               <div>
@@ -38,6 +43,7 @@
                   type="password"
                   field={f[:password_confirmation]}
                   required
+                  autocomplete="new-password"
                 />
               </div>
 
diff --git a/lib/lightning_web/controllers/user_session_html/new.html.heex b/lib/lightning_web/controllers/user_session_html/new.html.heex
index 8a945fc56f7..8e2949b9f8c 100644
--- a/lib/lightning_web/controllers/user_session_html/new.html.heex
+++ b/lib/lightning_web/controllers/user_session_html/new.html.heex
@@ -33,10 +33,16 @@
                   field={f[:email]}
                   required={true}
                   label="Email"
+                  autocomplete="email"
                 />
               </div>
               <div>
-                <.input type="password" field={f[:password]} label="Password" />
+                <.input
+                  type="password"
+                  field={f[:password]}
+                  label="Password"
+                  autocomplete="current-password"
+                />
               </div>
               <.check_box form={f} field={:remember_me}>
                 <br />
diff --git a/lib/lightning_web/controllers/user_totp_html/new.html.heex b/lib/lightning_web/controllers/user_totp_html/new.html.heex
index 5821ff3f5fe..a852e526b23 100644
--- a/lib/lightning_web/controllers/user_totp_html/new.html.heex
+++ b/lib/lightning_web/controllers/user_totp_html/new.html.heex
@@ -30,7 +30,7 @@
               type="text"
               field={f[:code]}
               required="true"
-              autocomplete="off"
+              autocomplete="one-time-code"
               inputmode="numeric"
               placeholder="XXXXXX"
               class="bg-gray-50 border border-gray-300 text-gray-900 sm:text-sm rounded-lg focus:ring-primary-600 focus:border-primary-600 block w-full p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white dark:focus:ring-blue-500 dark:focus:border-blue-500"
diff --git a/lib/lightning_web/live/book_demo_banner.ex b/lib/lightning_web/live/book_demo_banner.ex
index 6440ad46efa..2448ad34c58 100644
--- a/lib/lightning_web/live/book_demo_banner.ex
+++ b/lib/lightning_web/live/book_demo_banner.ex
@@ -157,8 +157,20 @@ defmodule LightningWeb.BookDemoBanner do
           phx-submit="schedule-call"
         >
           <div class="flex flex-col gap-2">
-            <.input type="text" field={f[:name]} label="Name" required={true} />
-            <.input type="text" field={f[:email]} label="Email" required={true} />
+            <.input
+              type="text"
+              field={f[:name]}
+              label="Name"
+              required={true}
+              autocomplete="name"
+            />
+            <.input
+              type="text"
+              field={f[:email]}
+              label="Email"
+              required={true}
+              autocomplete="email"
+            />
             <.input
               type="textarea"
               field={f[:message]}
diff --git a/lib/lightning_web/live/credential_live/json_schema_body_component.ex b/lib/lightning_web/live/credential_live/json_schema_body_component.ex
index 1689873580d..42ed39858c7 100644
--- a/lib/lightning_web/live/credential_live/json_schema_body_component.ex
+++ b/lib/lightning_web/live/credential_live/json_schema_body_component.ex
@@ -78,6 +78,7 @@ defmodule LightningWeb.CredentialLive.JsonSchemaBodyComponent do
         field={@form_field}
         label={@title}
         required={@required}
+        autocomplete={if @type == "password", do: "new-password", else: "off"}
         checked={@type == "checkbox" and @form_field.value == true}
       />
     </div>
diff --git a/lib/lightning_web/live/credential_live/oauth_client_form_component.ex b/lib/lightning_web/live/credential_live/oauth_client_form_component.ex
index bc948abc4d1..e4b318fb824 100644
--- a/lib/lightning_web/live/credential_live/oauth_client_form_component.ex
+++ b/lib/lightning_web/live/credential_live/oauth_client_form_component.ex
@@ -422,6 +422,7 @@ defmodule LightningWeb.CredentialLive.OauthClientFormComponent do
                   field={f[:client_id]}
                   label="Client ID"
                   required="true"
+                  autocomplete="new-password"
                 />
               </div>
             </div>
@@ -433,6 +434,7 @@ defmodule LightningWeb.CredentialLive.OauthClientFormComponent do
                   field={f[:client_secret]}
                   label="Client Secret"
                   required="true"
+                  autocomplete="new-password"
                 />
               </div>
             </div>
diff --git a/lib/lightning_web/live/first_setup_live/superuser.html.heex b/lib/lightning_web/live/first_setup_live/superuser.html.heex
index 09799be5ed2..ae37d082e8d 100644
--- a/lib/lightning_web/live/first_setup_live/superuser.html.heex
+++ b/lib/lightning_web/live/first_setup_live/superuser.html.heex
@@ -35,7 +35,12 @@
 
       <div class="grid grid-cols-6 gap-6">
         <div class="col-span-3">
-          <.input type="password" field={f[:password]} label="Password" />
+          <.input
+            type="password"
+            field={f[:password]}
+            label="Password"
+            autocomplete="new-password"
+          />
         </div>
       </div>
 
@@ -45,6 +50,7 @@
             type="password"
             field={f[:password_confirmation]}
             label="Password confirmation"
+            autocomplete="new-password"
           />
         </div>
       </div>
diff --git a/lib/lightning_web/live/job_live/kafka_setup_component.ex b/lib/lightning_web/live/job_live/kafka_setup_component.ex
index ef49daf7db4..cb2c065210d 100644
--- a/lib/lightning_web/live/job_live/kafka_setup_component.ex
+++ b/lib/lightning_web/live/job_live/kafka_setup_component.ex
@@ -69,7 +69,6 @@ defmodule LightningWeb.JobLive.KafkaSetupComponent do
             type="text"
             field={kafka_config[:username]}
             label="Username"
-            autocomplete="off"
             disabled={@disabled}
           />
         </div>
@@ -81,6 +80,7 @@ defmodule LightningWeb.JobLive.KafkaSetupComponent do
             label="Password"
             disabled={@disabled}
             value={password}
+            autocomplete="new-password"
           />
         </div>
 
diff --git a/lib/lightning_web/live/profile_live/form_component.html.heex b/lib/lightning_web/live/profile_live/form_component.html.heex
index 7e82d8bf32e..5ada64c6dca 100644
--- a/lib/lightning_web/live/profile_live/form_component.html.heex
+++ b/lib/lightning_web/live/profile_live/form_component.html.heex
@@ -17,6 +17,7 @@
           field={f[:first_name]}
           label="First name"
           required="true"
+          autocomplete="given-name"
         />
       </div>
       <div class="space-y-4">
@@ -25,6 +26,7 @@
           field={f[:last_name]}
           label="Last name"
           required="true"
+          autocomplete="family-name"
         />
       </div>
       <div class="space-y-4">
@@ -80,6 +82,7 @@
           label="Enter password to confirm"
           required="true"
           phx-debounce="blur"
+          autocomplete="current-password"
         />
       </div>
     </div>
@@ -113,6 +116,7 @@
           field={f[:password]}
           label="New password"
           required="true"
+          autocomplete="new-password"
         />
       </div>
       <div class="space-y-4">
@@ -121,6 +125,7 @@
           field={f[:password_confirmation]}
           label="Confirm new password"
           required="true"
+          autocomplete="new-password"
         />
       </div>
       <div class="space-y-4">
@@ -129,6 +134,7 @@
           field={f[:current_password]}
           label="Current password"
           required="true"
+          autocomplete="current-password"
         />
       </div>
     </div>
diff --git a/lib/lightning_web/live/profile_live/mfa_component.html.heex b/lib/lightning_web/live/profile_live/mfa_component.html.heex
index 82eaf208823..209b8a60add 100644
--- a/lib/lightning_web/live/profile_live/mfa_component.html.heex
+++ b/lib/lightning_web/live/profile_live/mfa_component.html.heex
@@ -160,7 +160,7 @@
               <.input
                 type="text"
                 field={f[:code]}
-                autocomplete="off"
+                autocomplete="one-time-code"
                 placeholder="XXXXXX"
                 label="Verify the code from the app"
               />
diff --git a/lib/lightning_web/live/re_authenticate_live/new.html.heex b/lib/lightning_web/live/re_authenticate_live/new.html.heex
index 2d5f8fce1e4..0f0c02c52de 100644
--- a/lib/lightning_web/live/re_authenticate_live/new.html.heex
+++ b/lib/lightning_web/live/re_authenticate_live/new.html.heex
@@ -61,6 +61,7 @@
                 type="password"
                 field={f[:password]}
                 required="true"
+                autocomplete="current-password"
                 class="bg-gray-50 border border-gray-300 text-gray-900 sm:text-sm rounded-lg focus:ring-primary-600 focus:border-primary-600 block w-full p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white dark:focus:ring-blue-500 dark:focus:border-blue-500"
               />
             <% else %>
@@ -68,7 +69,7 @@
                 type="text"
                 field={f[:code]}
                 required="true"
-                autocomplete="off"
+                autocomplete="one-time-code"
                 inputmode="numeric"
                 placeholder="XXXXXX"
                 class="bg-gray-50 border border-gray-300 text-gray-900 sm:text-sm focus:ring-primary-600 focus:border-primary-600 block w-full p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white dark:focus:ring-blue-500 dark:focus:border-blue-500"
diff --git a/lib/lightning_web/live/tokens_live/index.html.heex b/lib/lightning_web/live/tokens_live/index.html.heex
index 0d3d20c0ef5..b0c0e135b57 100644
--- a/lib/lightning_web/live/tokens_live/index.html.heex
+++ b/lib/lightning_web/live/tokens_live/index.html.heex
@@ -43,6 +43,7 @@
             value={@new_token}
             class="my-auto w-full border-0 bg-inherit disabled:opacity-70 mr-1"
             disabled
+            autocomplete="off"
           />
 
           <button
diff --git a/lib/lightning_web/live/user_live/form_component.html.heex b/lib/lightning_web/live/user_live/form_component.html.heex
index 296ab693f07..1997383047e 100644
--- a/lib/lightning_web/live/user_live/form_component.html.heex
+++ b/lib/lightning_web/live/user_live/form_component.html.heex
@@ -32,7 +32,7 @@
     <div class="grid grid-cols-6 gap-6">
       <div class="col-span-3">
         <.label for={:password}>Password</.label>
-        <.input type="password" field={f[:password]} />
+        <.input type="password" field={f[:password]} autocomplete="new-password" />
       </div>
     </div>
 
diff --git a/lib/lightning_web/live/workflow_live/components.ex b/lib/lightning_web/live/workflow_live/components.ex
index a782690aec9..9ab5f93b9a4 100644
--- a/lib/lightning_web/live/workflow_live/components.ex
+++ b/lib/lightning_web/live/workflow_live/components.ex
@@ -389,6 +389,7 @@ defmodule LightningWeb.WorkflowLive.Components do
                 class="block w-full flex-1 rounded-l-lg text-slate-900 disabled:bg-gray-50 disabled:text-gray-500 border border-r-0 border-secondary-300 sm:text-sm sm:leading-6"
                 value={url(~p"/i/#{@form[:id].value}")}
                 disabled="disabled"
+                autocomplete="off"
               />
 
               <button
diff --git a/lib/lightning_web/live/workflow_live/webhook_auth_method_form_component.ex b/lib/lightning_web/live/workflow_live/webhook_auth_method_form_component.ex
index f5dcc4cbc55..b85e165a8c7 100644
--- a/lib/lightning_web/live/workflow_live/webhook_auth_method_form_component.ex
+++ b/lib/lightning_web/live/workflow_live/webhook_auth_method_form_component.ex
@@ -288,7 +288,12 @@ defmodule LightningWeb.WorkflowLive.WebhookAuthMethodFormComponent do
           </div>
         <% end %>
 
-        <.input type="password" field={f[:password]} label="Password" />
+        <.input
+          type="password"
+          field={f[:password]}
+          label="Password"
+          autocomplete="new-password"
+        />
         <div class="relative">
           <div class="absolute inset-0 flex items-center" aria-hidden="true">
             <div class="w-full border-t border-gray-300"></div>
@@ -474,7 +479,12 @@ defmodule LightningWeb.WorkflowLive.WebhookAuthMethodFormComponent do
       </div>
     <% else %>
       <.label for={:password}>Password</.label>
-      <.input type="password" field={@form[:password]} required="true" />
+      <.input
+        type="password"
+        field={@form[:password]}
+        required="true"
+        autocomplete="new-password"
+      />
 
       <div class="hidden sm:block" aria-hidden="true">
         <div class="py-1"></div>
@@ -525,6 +535,7 @@ defmodule LightningWeb.WorkflowLive.WebhookAuthMethodFormComponent do
           }
           class="block w-full flex-1 rounded-l-lg text-slate-900 disabled:bg-gray-50 disabled:text-gray-500 border border-r-0 border-secondary-300 sm:text-sm sm:leading-6"
           disabled="disabled"
+          autocomplete="new-password"
         />
 
         <button
@@ -570,6 +581,7 @@ defmodule LightningWeb.WorkflowLive.WebhookAuthMethodFormComponent do
             )
           }
           disabled="disabled"
+          autocomplete="off"
         />
 
         <button

From 0fb51394ed40486eae89a35146871a23662a9877 Mon Sep 17 00:00:00 2001
From: Lucy Macartney <macartney.lucy@gmail.com>
Date: Thu, 16 Apr 2026 14:29:02 +0100
Subject: [PATCH 3/4] Add autoComplete="off" to React input elements

Add autoComplete="off" to shared form components (TextField,
NumberField) and all inline <input> tags across the collaborative
editor and other React files including trigger form, cron builder,
version picker, search inputs, and manual run panel.

Add Vitest tests for TextField and NumberField verifying the
autoComplete attribute is rendered.
---
 .../SearchableList/SearchableList.tsx         |  1 +
 .../components/SessionList.tsx                |  1 +
 .../components/VersionPicker.tsx              |  1 +
 .../components/form/number-field.tsx          |  1 +
 .../components/form/text-field.tsx            |  1 +
 .../components/inspector/CronFieldBuilder.tsx |  1 +
 .../components/inspector/TriggerForm.tsx      |  6 ++
 .../left-panel/TemplateSearchInput.tsx        |  1 +
 .../manual-run/SelectedDataclipView.tsx       |  1 +
 .../manual-run-panel/views/ExistingView.tsx   |  3 +
 .../workflow-diagram/nodes/PlaceholderJob.tsx |  1 +
 .../components/form/number-field.test.tsx     |  6 +-
 .../components/form/text-field.test.tsx       | 58 +++++++++++++++++++
 13 files changed, 80 insertions(+), 2 deletions(-)
 create mode 100644 assets/test/collaborative-editor/components/form/text-field.test.tsx

diff --git a/assets/js/collaborative-editor/components/SearchableList/SearchableList.tsx b/assets/js/collaborative-editor/components/SearchableList/SearchableList.tsx
index b6b49e29a64..c30198b3ab3 100644
--- a/assets/js/collaborative-editor/components/SearchableList/SearchableList.tsx
+++ b/assets/js/collaborative-editor/components/SearchableList/SearchableList.tsx
@@ -58,6 +58,7 @@ export function SearchableList({
           aria-controls={listboxId}
           aria-activedescendant={activeDescendantId}
           aria-autocomplete="list"
+          autoComplete="off"
           className="block w-full rounded-md border-secondary-300
             pl-10 pr-10 shadow-xs sm:text-sm
             focus:border-primary-300 focus:ring
diff --git a/assets/js/collaborative-editor/components/SessionList.tsx b/assets/js/collaborative-editor/components/SessionList.tsx
index a59497c0285..b800df32468 100644
--- a/assets/js/collaborative-editor/components/SessionList.tsx
+++ b/assets/js/collaborative-editor/components/SessionList.tsx
@@ -125,6 +125,7 @@ export function SessionList({
               value={searchQuery}
               onChange={e => setSearchQuery(e.target.value)}
               placeholder="Search conversations..."
+              autoComplete="off"
               className={cn(
                 'w-full h-[34px] pl-9 pr-3 text-sm',
                 'bg-gray-50 border border-gray-200 rounded-lg',
diff --git a/assets/js/collaborative-editor/components/VersionPicker.tsx b/assets/js/collaborative-editor/components/VersionPicker.tsx
index b659e03c40d..5b4220bf49e 100644
--- a/assets/js/collaborative-editor/components/VersionPicker.tsx
+++ b/assets/js/collaborative-editor/components/VersionPicker.tsx
@@ -140,6 +140,7 @@ export function VersionPicker({
           role="combobox"
           aria-expanded={isOpen}
           aria-controls="version-listbox"
+          autoComplete="off"
         />
         <button
           type="button"
diff --git a/assets/js/collaborative-editor/components/form/number-field.tsx b/assets/js/collaborative-editor/components/form/number-field.tsx
index 6a858a04ed8..f6e50d866b1 100644
--- a/assets/js/collaborative-editor/components/form/number-field.tsx
+++ b/assets/js/collaborative-editor/components/form/number-field.tsx
@@ -67,6 +67,7 @@ export function NumberField({
         disabled={disabled}
         min={min}
         max={max}
+        autoComplete="off"
         className={INPUT_CLASSES}
       />
     </FormField>
diff --git a/assets/js/collaborative-editor/components/form/text-field.tsx b/assets/js/collaborative-editor/components/form/text-field.tsx
index 6afbf49db2b..9275b1d53b1 100644
--- a/assets/js/collaborative-editor/components/form/text-field.tsx
+++ b/assets/js/collaborative-editor/components/form/text-field.tsx
@@ -21,6 +21,7 @@ export function TextField({
         onChange={e => field.handleChange(e.target.value)}
         disabled={disabled}
         placeholder={placeholder}
+        autoComplete="off"
         className={INPUT_CLASSES}
       />
     </FormField>
diff --git a/assets/js/collaborative-editor/components/inspector/CronFieldBuilder.tsx b/assets/js/collaborative-editor/components/inspector/CronFieldBuilder.tsx
index 7a449406ad4..b68c270a172 100644
--- a/assets/js/collaborative-editor/components/inspector/CronFieldBuilder.tsx
+++ b/assets/js/collaborative-editor/components/inspector/CronFieldBuilder.tsx
@@ -756,6 +756,7 @@ export function CronFieldBuilder({
             <input
               id="cron-expression"
               type="text"
+              autoComplete="off"
               value={value}
               onChange={e => {
                 onChange(e.target.value);
diff --git a/assets/js/collaborative-editor/components/inspector/TriggerForm.tsx b/assets/js/collaborative-editor/components/inspector/TriggerForm.tsx
index a1be264f046..5b5da3278a7 100644
--- a/assets/js/collaborative-editor/components/inspector/TriggerForm.tsx
+++ b/assets/js/collaborative-editor/components/inspector/TriggerForm.tsx
@@ -239,6 +239,7 @@ export function TriggerForm({ trigger }: TriggerFormProps) {
                           value={webhookUrl}
                           readOnly
                           disabled
+                          autoComplete="off"
                           className="block w-full flex-1 rounded-l-lg
                             text-slate-900 disabled:bg-gray-50
                             disabled:text-gray-500 border border-r-0
@@ -582,6 +583,7 @@ export function TriggerForm({ trigger }: TriggerFormProps) {
                               onChange={e => field.handleChange(e.target.value)}
                               onBlur={field.handleBlur}
                               disabled={isReadOnly}
+                              autoComplete="off"
                               placeholder="localhost:9092, broker2:9092"
                               className={`
                                   block w-full px-3 py-2 border rounded-md text-sm
@@ -626,6 +628,7 @@ export function TriggerForm({ trigger }: TriggerFormProps) {
                               onChange={e => field.handleChange(e.target.value)}
                               onBlur={field.handleBlur}
                               disabled={isReadOnly}
+                              autoComplete="off"
                               placeholder="topic1, topic2, topic3"
                               className={`
                                   block w-full px-3 py-2 border rounded-md text-sm
@@ -769,6 +772,7 @@ export function TriggerForm({ trigger }: TriggerFormProps) {
                                       }
                                       onBlur={field.handleBlur}
                                       disabled={isReadOnly}
+                                      autoComplete="off"
                                       className={`
                                           block w-full px-3 py-2 border rounded-md text-sm
                                           ${
@@ -811,6 +815,7 @@ export function TriggerForm({ trigger }: TriggerFormProps) {
                                       }
                                       onBlur={field.handleBlur}
                                       disabled={isReadOnly}
+                                      autoComplete="off"
                                       className={`
                                           block w-full px-3 py-2 border rounded-md text-sm
                                           ${
@@ -928,6 +933,7 @@ export function TriggerForm({ trigger }: TriggerFormProps) {
                                   }
                                   onBlur={field.handleBlur}
                                   disabled={isReadOnly}
+                                  autoComplete="off"
                                   className={`
                                         block w-full px-3 py-2 border rounded-md text-sm
                                         ${
diff --git a/assets/js/collaborative-editor/components/left-panel/TemplateSearchInput.tsx b/assets/js/collaborative-editor/components/left-panel/TemplateSearchInput.tsx
index 623a04ef322..c6f18c23d49 100644
--- a/assets/js/collaborative-editor/components/left-panel/TemplateSearchInput.tsx
+++ b/assets/js/collaborative-editor/components/left-panel/TemplateSearchInput.tsx
@@ -88,6 +88,7 @@ export function TemplateSearchInput({
         onChange={handleChange}
         onKeyDown={handleKeyDown}
         placeholder={placeholder}
+        autoComplete="off"
         className={cn(
           'block w-full pl-10 pr-10 py-2 border border-gray-300 rounded-lg',
           'text-sm placeholder-gray-400',
diff --git a/assets/js/collaborative-editor/components/manual-run/SelectedDataclipView.tsx b/assets/js/collaborative-editor/components/manual-run/SelectedDataclipView.tsx
index 24844a6ca34..c809379e147 100644
--- a/assets/js/collaborative-editor/components/manual-run/SelectedDataclipView.tsx
+++ b/assets/js/collaborative-editor/components/manual-run/SelectedDataclipView.tsx
@@ -72,6 +72,7 @@ export function SelectedDataclipView({
               <input
                 type="text"
                 value={editedName}
+                autoComplete="off"
                 onChange={e => setEditedName(e.target.value)}
                 onKeyDown={e => {
                   if (e.key === 'Enter' && !isSaving) {
diff --git a/assets/js/manual-run-panel/views/ExistingView.tsx b/assets/js/manual-run-panel/views/ExistingView.tsx
index 663e2c9c20d..c90636c2ecd 100644
--- a/assets/js/manual-run-panel/views/ExistingView.tsx
+++ b/assets/js/manual-run-panel/views/ExistingView.tsx
@@ -109,6 +109,7 @@ const ExistingView: React.FC<ExistingViewProps> = ({
                   setQuery(e.target.value);
                 }}
                 type="text"
+                autoComplete="off"
                 className="focus:outline focus:outline-2 focus:-outline-offset-2 focus:ring-0  disabled:cursor-not-allowed disabled:bg-gray-50 disabled:text-gray-500 border-slate-300 focus:border-slate-400 focus:outline-indigo-600 block w-full rounded-l-md border-0 border-r-0 py-1.5 pl-10 text-gray-900 ring-1 ring-inset ring-gray-300 placeholder:text-gray-400  focus:ring-inset focus:ring-indigo-600 sm:text-sm sm:leading-6"
                 placeholder="Search names or UUID prefixes"
               />
@@ -164,6 +165,7 @@ const ExistingView: React.FC<ExistingViewProps> = ({
                     <input
                       value={selectedDates.after}
                       id="created-after"
+                      autoComplete="off"
                       onChange={e => {
                         setSelectedDates(p => ({
                           after: e.target.value,
@@ -179,6 +181,7 @@ const ExistingView: React.FC<ExistingViewProps> = ({
                     <input
                       value={selectedDates.before}
                       id="created-before"
+                      autoComplete="off"
                       onChange={e => {
                         setSelectedDates(p => ({
                           after: p.after,
diff --git a/assets/js/workflow-diagram/nodes/PlaceholderJob.tsx b/assets/js/workflow-diagram/nodes/PlaceholderJob.tsx
index ba8f6abe1f0..e91be33fcc6 100644
--- a/assets/js/workflow-diagram/nodes/PlaceholderJob.tsx
+++ b/assets/js/workflow-diagram/nodes/PlaceholderJob.tsx
@@ -178,6 +178,7 @@ const PlaceholderJobNode = ({ id, data, selected }: NodeProps<NodeData>) => {
               inputRef?.focus();
             }}
             autoFocus
+            autoComplete="off"
             value={jobName}
             onChange={e => {
               setJobName(e.target.value);
diff --git a/assets/test/collaborative-editor/components/form/number-field.test.tsx b/assets/test/collaborative-editor/components/form/number-field.test.tsx
index 9beef6914b3..32a31b97d21 100644
--- a/assets/test/collaborative-editor/components/form/number-field.test.tsx
+++ b/assets/test/collaborative-editor/components/form/number-field.test.tsx
@@ -48,11 +48,13 @@ describe('NumberField', () => {
     );
   }
 
-  it('renders with label and help text', () => {
+  it('renders with label, help text, and autoComplete="off"', () => {
     render(<TestForm />);
 
-    expect(screen.getByLabelText('Count')).toBeInTheDocument();
+    const input = screen.getByLabelText('Count') as HTMLInputElement;
+    expect(input).toBeInTheDocument();
     expect(screen.getByText('Enter a number')).toBeInTheDocument();
+    expect(input).toHaveAttribute('autocomplete', 'off');
   });
 
   it('shows placeholder when value is null', () => {
diff --git a/assets/test/collaborative-editor/components/form/text-field.test.tsx b/assets/test/collaborative-editor/components/form/text-field.test.tsx
new file mode 100644
index 00000000000..3aa08b037e1
--- /dev/null
+++ b/assets/test/collaborative-editor/components/form/text-field.test.tsx
@@ -0,0 +1,58 @@
+import { render, screen } from '@testing-library/react';
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+import { useAppForm } from '../../../../js/collaborative-editor/components/form';
+import * as useWorkflowModule from '../../../../js/collaborative-editor/hooks/useWorkflow';
+
+// Mock useWorkflowState and useWorkflowActions (required by useAppForm's
+// useValidation hook, which reads from the collaborative workflow store)
+vi.mock('../../../../js/collaborative-editor/hooks/useWorkflow', () => ({
+  useWorkflowState: vi.fn(),
+  useWorkflowActions: vi.fn(() => ({
+    setClientErrors: vi.fn(),
+  })),
+}));
+
+describe('TextField', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    vi.mocked(useWorkflowModule.useWorkflowState).mockImplementation(
+      (selector?: (state: any) => any) => {
+        const state = {
+          workflow: { id: 'w-1', errors: {} },
+          jobs: [],
+          triggers: [],
+          edges: [],
+        };
+        return selector ? selector(state) : state;
+      }
+    );
+  });
+
+  function TestForm({ defaultValue = '' }: { defaultValue?: string }) {
+    const form = useAppForm({
+      defaultValues: { name: defaultValue },
+    });
+
+    return (
+      <form.AppField name="name">
+        {field => <field.TextField label="Name" placeholder="Enter a name" />}
+      </form.AppField>
+    );
+  }
+
+  it('renders with label, placeholder, and autoComplete="off"', () => {
+    render(<TestForm />);
+
+    const input = screen.getByLabelText('Name') as HTMLInputElement;
+    expect(input).toBeInTheDocument();
+    expect(input.placeholder).toBe('Enter a name');
+    expect(input).toHaveAttribute('autocomplete', 'off');
+  });
+
+  it('displays initial value', () => {
+    render(<TestForm defaultValue="hello" />);
+
+    const input = screen.getByLabelText('Name') as HTMLInputElement;
+    expect(input.value).toBe('hello');
+  });
+});

From 009151908d2f7033af3486f0c93c9bfe6d8aeb05 Mon Sep 17 00:00:00 2001
From: Lucy Macartney <macartney.lucy@gmail.com>
Date: Thu, 16 Apr 2026 18:20:19 +0100
Subject: [PATCH 4/4] Address review feedback on autocomplete implementation

Remove semantically incorrect autocomplete="new-password" from
non-password fields (OAuth Client ID, disabled webhook password display),
simplify json_schema_body_component conditional, remove redundant
autoComplete="off" from ProjectPicker, and fix duplicate autocomplete
attribute in new_inputs.ex code clause.
---
 assets/js/project-picker/ProjectPicker.tsx                      | 1 -
 lib/lightning_web/components/new_inputs.ex                      | 1 -
 .../live/credential_live/json_schema_body_component.ex          | 2 +-
 .../live/credential_live/oauth_client_form_component.ex         | 1 -
 .../live/workflow_live/webhook_auth_method_form_component.ex    | 2 +-
 5 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/assets/js/project-picker/ProjectPicker.tsx b/assets/js/project-picker/ProjectPicker.tsx
index 24b9bd9f4f5..1f1d457e46d 100644
--- a/assets/js/project-picker/ProjectPicker.tsx
+++ b/assets/js/project-picker/ProjectPicker.tsx
@@ -199,7 +199,6 @@ export function ProjectPicker(props: ProjectPickerProps) {
               role="combobox"
               aria-controls="project-picker-options"
               aria-expanded="true"
-              autoComplete="off"
             />
             <kbd className="hidden sm:inline-flex items-center gap-1 rounded px-2 py-1 text-xs text-gray-400 ring-1 ring-gray-300">
               <span>{isMac ? '⌘' : 'Ctrl'}</span>
diff --git a/lib/lightning_web/components/new_inputs.ex b/lib/lightning_web/components/new_inputs.ex
index a6bb15bd910..c00d671b562 100644
--- a/lib/lightning_web/components/new_inputs.ex
+++ b/lib/lightning_web/components/new_inputs.ex
@@ -618,7 +618,6 @@ defmodule LightningWeb.Components.NewInputs do
         id={@id}
         name={@name}
         class={@class}
-        autocomplete={@autocomplete}
         value={@value}
         placeholder={@placeholder}
         {@rest}
diff --git a/lib/lightning_web/live/credential_live/json_schema_body_component.ex b/lib/lightning_web/live/credential_live/json_schema_body_component.ex
index 42ed39858c7..1b0246e9ed3 100644
--- a/lib/lightning_web/live/credential_live/json_schema_body_component.ex
+++ b/lib/lightning_web/live/credential_live/json_schema_body_component.ex
@@ -78,7 +78,7 @@ defmodule LightningWeb.CredentialLive.JsonSchemaBodyComponent do
         field={@form_field}
         label={@title}
         required={@required}
-        autocomplete={if @type == "password", do: "new-password", else: "off"}
+        autocomplete={if @type == "password", do: "new-password"}
         checked={@type == "checkbox" and @form_field.value == true}
       />
     </div>
diff --git a/lib/lightning_web/live/credential_live/oauth_client_form_component.ex b/lib/lightning_web/live/credential_live/oauth_client_form_component.ex
index e4b318fb824..5540231e9f3 100644
--- a/lib/lightning_web/live/credential_live/oauth_client_form_component.ex
+++ b/lib/lightning_web/live/credential_live/oauth_client_form_component.ex
@@ -422,7 +422,6 @@ defmodule LightningWeb.CredentialLive.OauthClientFormComponent do
                   field={f[:client_id]}
                   label="Client ID"
                   required="true"
-                  autocomplete="new-password"
                 />
               </div>
             </div>
diff --git a/lib/lightning_web/live/workflow_live/webhook_auth_method_form_component.ex b/lib/lightning_web/live/workflow_live/webhook_auth_method_form_component.ex
index b85e165a8c7..137272a1bda 100644
--- a/lib/lightning_web/live/workflow_live/webhook_auth_method_form_component.ex
+++ b/lib/lightning_web/live/workflow_live/webhook_auth_method_form_component.ex
@@ -535,7 +535,7 @@ defmodule LightningWeb.WorkflowLive.WebhookAuthMethodFormComponent do
           }
           class="block w-full flex-1 rounded-l-lg text-slate-900 disabled:bg-gray-50 disabled:text-gray-500 border border-r-0 border-secondary-300 sm:text-sm sm:leading-6"
           disabled="disabled"
-          autocomplete="new-password"
+          autocomplete="off"
         />
 
         <button