KeePassXC: How can I auto-fill but NOT auto-submit?

[watchpocket]

First off, I'm using KeePassXC (not KeePass2 or KeyPassX or KeePassDX) on a desktop workstation.

I regularly visit a website where I want to be able to auto-fill both the username & password credential boxes, but I don't want to auto-submit the username & password.

You can't have auto-submit on a login page where, when you log out, you're returned instantly to the login page again.

If auto-submit is activated on a page that sends you back to the login page when you log off, the auto-submit will kick in again after you log off and after you then get returned to the login page, so that you'll never be able to log out.

(Though yes, the website will eventually log you off after some amount of time that you're inactive on the site.)

In KeePassXC, in the "Edit entry" --> "Auto-Type" window for this particular webpages' entry, I've checked "Enable Auto-Type for this entry" and "Use custom Auto-Type sequence."

In the box below that, I've changed

{USERNAME}{TAB}{PASSWORD}{ENTER}

to just:

{USERNAME}{TAB}{PASSWORD}

thinking that leaving out "{ENTER}" would prevent the actual log-in, until if and when I manually hit the key.

But the auto-submit takes place anyway.

(I never had this problem when I was using KeePass2, by the way. Or rather, it was more straightforward in that program what to do about it.)

So, my question:

What do I need to do to have the login take place only when I hit ?

I'm using:

KeePassXC Version: 2.6.6

KeePassXC-Browser Version: 1.7.10.1

Firefox Version: 95.0b12

Ubuntu Linux 20.04.3, kernel 5.11.0-40-generic

(P.S. -- In the KeePassXC-Browser extension's Settings -> General page, there is a warning about halfway down (in the "filling Credentials" section) that says: "Warning! Using auto-fill is not safe. Use at your own risk."

But I think it's auto-submit that's dangerous, not auto-fill, exactly for the reason I state above.)

[droidmonkey]

Use either Browser Extension OR Auto-Type but not both. Make sure you didn't define a custom sequence in a window association that includes the enter key.

Autofill is dangerous on browser extension because your credentials could be harvested by a malicious script on the page that holds bogus login fields. Auto fill removes the human interaction aspect which is what makes it dangerous.