[Likely false positive] HTMLCS H98 flags autocomplete="username" on the login email input

[bram-atmire]

Describe the bug

src/app/shared/log-in/methods/password/log-in-password.component.html declares the email input as:

<input ... autocomplete="username" type="email" required formControlName="email" ...>

Pa11y / HTMLCS rule H98 flags this combination, on the basis that a strict reading of the WHATWG HTML autocomplete spec used to allow the username token only on text-control inputs. Modern HTML treats type="email" as a text control, axe-core does not report this rule, and browsers (including password managers) handle the combination correctly.

Recording this for the project's awareness rather than as a defect to fix. If the project agrees this is a false positive, this issue can be closed with a note for future audits, or a Pa11y ignore-rule can be added so it stops surfacing during automated testing.

Confirmed in main at commit 9b025a61e.

To Reproduce

Run Pa11y with the HTMLCS runner on the DSpace login page (or on any page that renders the navbar login dropdown). HTMLCS rule H98 fires on the email input.

Expected behavior

Either:

• Close as a false positive with a note for future audits; or
• Suppress the rule in Pa11y configuration rather than degrading input semantics by changing type="email" to type="text" (which would lose the mobile keyboard hint and HTML5 validation).

Related work

• WCAG 1.3.5 Identify Input Purpose (which the current autocomplete="username" already satisfies).

[guillermo-escire]

Hi @bram-atmire , could you please assign me this issue to work on?

[bram-atmire]

Hi @guillermo-escire we're already on it, but it would be great if you could give it a review once we have the PR up!!!