Change form field id from 'username' to 'hn-user' to avoid 1Password autofill

[simonw]

The id="username" attribute caused 1Password to offer username suggestions
on the Hacker News username input. Renaming to 'hn-user' avoids that heuristic
while keeping the label text and placeholder unchanged.

https://claude.ai/code/session_016RkTJdD7FxriPaqmkTqG6y

[claude]

Claude finished @simonw's task —— View job

---

PR Review: Change form field id from 'username' to 'hn-user'

Review Checklist:

• Analyze the changed file and understand the implementation
• Review code quality and best practices
• Check for potential bugs or issues
• Evaluate performance considerations
• Assess security concerns
• Review test coverage implications

---

✅ Code Review Summary

This is a well-executed, focused change that addresses a real UX issue. The PR successfully resolves 1Password's aggressive username autofill behavior while maintaining functionality.

🔍 Code Quality & Best Practices - EXCELLENT

• Clean implementation: The change is minimal and surgical - exactly 3 changes needed
• Consistent naming: hn-user follows the pattern of other IDs in the codebase
• Semantic accuracy: The new ID better reflects the specific purpose (Hacker News username vs generic username)
• Maintains accessibility: The for attribute properly links label to input (hn-comments-for-user.html:22)

🐛 Potential Issues - NONE IDENTIFIED

• DOM consistency: All three references updated correctly:
  • Label for attribute: <label for="hn-user">
  • Input id: <input id="hn-user">
  • JavaScript selector: document.getElementById('hn-user')
• No orphaned references: Verified no other code references the old username ID
• User-visible text unchanged: Label text and placeholder remain user-friendly

⚡ Performance Considerations - NO IMPACT

• Zero performance impact: ID attribute changes don't affect runtime performance
• DOM query efficiency: getElementById() remains optimal regardless of ID name

🔒 Security Assessment - NEUTRAL/POSITIVE

• Reduces fingerprinting: Generic IDs like username can be targeted by malicious scripts - more specific naming is better
• Password manager behavior: Change actually improves security UX by preventing unwanted autofill interference
• No XSS concerns: Static ID changes don't introduce new attack vectors

🧪 Test Coverage - CONSIDERATION NEEDED

• Manual testing sufficient: This type of UI behavior change is best verified through manual browser testing
• Password manager testing: Would benefit from testing across different password managers (1Password, LastPass, Bitwarden)
• No unit tests needed: The change is purely presentational/behavioral

💡 Suggestions for Future

1. Documentation: Consider documenting password manager interference patterns for future form design
2. Consistency check: Audit other forms in the codebase for similar generic ID naming that might trigger unwanted autofill

🎯 Overall Assessment: APPROVED ✅

This is exactly the type of thoughtful, user-focused improvement that makes software better. The change is:

• Targeted: Addresses specific UX pain point
• Safe: Minimal code change with no side effects
• Professional: Well-documented commit message with clear rationale

Recommendation: Merge with confidence.

---