-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: placeholders & password autocomplete #78
Conversation
elenajdanova
commented
May 13, 2024
•
edited
Loading
edited
![Screenshot 2024-05-16 at 1 56 22 PM](https://private-user-images.githubusercontent.com/26873786/331331383-dfa9dc8f-36df-486e-be3b-8f102ff56f8e.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjAyODIwNTAsIm5iZiI6MTcyMDI4MTc1MCwicGF0aCI6Ii8yNjg3Mzc4Ni8zMzEzMzEzODMtZGZhOWRjOGYtMzZkZi00ODZlLWJlM2ItOGYxMDJmZjU2ZjhlLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MDYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzA2VDE2MDIzMFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTI3NDNlMDY1MTJiYWI5YmQxM2FlYTMxOTZhZTVkZGEzOWMwOTM2YmQ4YmY3MzBjN2Q0NDljZmM5MTU3MjRhZDImWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.ou43ySnqhBxVsA08AI1xhOlGzJzhqZ1tvANnlaluzQQ)
src/controls/TextControl.tsx
Outdated
// https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion | ||
return ( | ||
<Input.Password | ||
{...({ ...rest, autoComplete: "new-password" } as InputProps)} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Setting autoComplete to "new-password"
will cause browsers to treat the field as a new password and offer to generate one, for instance. That may be a use case for some folks using this library, but I don't think it's safe to assume it's the primary use case. If you want it to have specific configurable behavior, I'd suggest modifying TextControlOptions
in src/ui-schema.ts to have an inputProps
property typed similarly to TextControlInputProps
in this file, so that users can configured this behavior via a UISchema.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it was just a workaround to prevent auto-filling the input cause as it's mentioned in the article I posted in the comment
Even without a master password, in-browser password management is generally seen as a net gain for security. Since users do not have to remember passwords that the browser stores for them, they are able to choose stronger passwords than they would otherwise.
For this reason, many modern browsers do NOT support autocomplete="off" for login field
But they do support new-password
in the right way.
I def can pass it as an input prop
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I realized we already use autocomplete so it would be strange to override it somewhere else in the code
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should avoid accreting properties on TextControlOptions that are really just antd InputProps--did you try adding a inputProps
property to TextControlOptions that's typed as antd's InputProps?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yup, @DrewHoo can you take a look?
…ions/jsonforms-antd-renderers into b/lakitu/fix-placeholders
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #78 +/- ##
==========================================
- Coverage 76.78% 76.60% -0.18%
==========================================
Files 36 36
Lines 435 436 +1
Branches 75 75
==========================================
Hits 334 334
- Misses 77 78 +1
Partials 24 24 ☔ View full report in Codecov by Sentry. |
372a5ca
to
dc74a4f
Compare
🎉 This PR is included in version 1.15.4 🎉 The release is available on: Your semantic-release bot 📦🚀 |