Make password inputs not give away how many characters were typed (#1…

…2659) This aligns with classic Jupyter Notebook behavior, and is generally a good security idea. Also, this decouples the implementation of the HTML input widget and the notion of the input being a password input by storing the password field as a private attribute of the stdin control, rather than relying on how the input was created.
jupyterlab · Jun 8, 2022 · dcd1941 · dcd1941
1 parent 9b35c8f
commit dcd1941
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/packages/outputarea/src/widget.ts b/packages/outputarea/src/widget.ts
@@ -920,6 +920,7 @@ export class Stdin extends Widget implements IStdin {
     this._future = options.future;
     this._parentHeader = options.parent_header;
     this._value = options.prompt + ' ';
+    this._password = options.password;
   }
 
   /**
@@ -972,8 +973,8 @@ export class Stdin extends Widget implements IStdin {
           },
           this._parentHeader
         );
-        if (input.type === 'password') {
-          this._value += Array(input.value.length + 1).join('·');
+        if (this._password) {
+          this._value += '········';
         } else {
           this._value += input.value;
           Stdin._historyPush(input.value);
@@ -1012,6 +1013,7 @@ export class Stdin extends Widget implements IStdin {
   private _value: string;
   private _valueCache: string;
   private _promise = new PromiseDelegate<void>();
+  private _password: boolean;
 }
 
 export namespace Stdin {