Remove password manager autofill references

[jabawack81]

Summary

Browser security prevents password managers (1Password, Bitwarden, etc.) from injecting content scripts into other extensions' pages. Our autocomplete="current-password" and name="github-token" changes had no effect — both testers confirmed neither 1Password nor Bitwarden autofill the setup input.

• Revert autocomplete to off, drop the name attribute
• Remove the misleading "autofill support" CHANGELOG entry

Users must copy their token manually from the password manager popup and paste it.

Test plan

• Setup screen still accepts a pasted token
• No regression in the form submit flow

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes
  • Disabled password manager autofill on the GitHub token input field during setup to prevent unintended credential auto-population.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5202565f-8a28-4402-8a9f-5ca77e1bfe69

📥 Commits

Reviewing files that changed from the base of the PR and between 7664e0f and 078e736.

📒 Files selected for processing (2)

• CHANGELOG.md
• newtab.html

💤 Files with no reviewable changes (1)

• CHANGELOG.md

---

📝 Walkthrough

Walkthrough

A changelog entry about password manager autofill support was removed, and the GitHub token input field in the setup form was modified to remove its name attribute and change its autocomplete setting from "current-password" to "off".

Changes

Cohort / File(s)	Summary
Documentation Updates CHANGELOG.md	Removed changelog entry for password manager autofill support feature.
Form Input Configuration newtab.html	Modified GitHub token input field: removed name attribute and changed autocomplete from "current-password" to "off".

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 The token field hops without a name,
Autocomplete turned off—a privacy game,
Password managers need not apply,
With "off" we bid autofill goodbye! 🔐

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: removing password manager autofill references from both CHANGELOG.md and newtab.html.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/remove-autofill-mentions

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR removes previously-added password manager autofill hints from the GitHub token setup input and deletes a misleading changelog entry, aligning the UI/configuration with the reality that password managers can’t inject into extension pages.

Changes:

• Revert the setup token input’s autocomplete to off and remove the name attribute.
• Remove the “password manager autofill support” entry from the Unreleased changelog.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
newtab.html	Removes autofill-oriented attributes from the setup token <input> while keeping the existing JS flow (token read by id).
CHANGELOG.md	Drops a changelog line that no longer reflects actual behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.