"Spell-Jacking" mitigation ~ prevent sensitive data leak from spell c…

…hecker. (#2091) @see https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords Co-authored-by: Daniel Hammer <daniel.hammer+oss@gmail.com>
navidrome · Feb 6, 2023 · fc8462d · fc8462d
1 parent 9d459fb
commit fc8462d
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 7 deletions.
diff --git a/ui/src/layout/Login.js b/ui/src/layout/Login.js
@@ -138,6 +138,7 @@ const FormLogin = ({ loading, handleSubmit, validate }) => {
                     component={renderInput}
                     label={translate('ra.auth.username')}
                     disabled={loading}
+                    spellCheck={false}
                   />
                 </div>
                 <div className={classes.input}>
@@ -201,6 +202,7 @@ const FormSignUp = ({ loading, handleSubmit, validate }) => {
                     component={renderInput}
                     label={translate('ra.auth.username')}
                     disabled={loading}
+                    spellCheck={false}
                   />
                 </div>
                 <div className={classes.input}>

diff --git a/ui/src/user/UserCreate.js b/ui/src/user/UserCreate.js
@@ -51,10 +51,18 @@ const UserCreate = (props) => {
   return (
     <Create title={<Title subTitle={title} />} {...props}>
       <SimpleForm save={save} variant={'outlined'}>
-        <TextInput source="userName" validate={[required()]} />
+        <TextInput
+          spellCheck={false}
+          source="userName"
+          validate={[required()]}
+        />
         <TextInput source="name" validate={[required()]} />
-        <TextInput source="email" validate={[email()]} />
-        <PasswordInput source="password" validate={[required()]} />
+        <TextInput spellCheck={false} source="email" validate={[email()]} />
+        <PasswordInput
+          spellCheck={false}
+          source="password"
+          validate={[required()]}
+        />
         <BooleanInput source="isAdmin" defaultValue={false} />
       </SimpleForm>
     </Create>

diff --git a/ui/src/user/UserEdit.js b/ui/src/user/UserEdit.js
@@ -108,22 +108,32 @@ const UserEdit = (props) => {
         save={save}
       >
         {permissions === 'admin' && (
-          <TextInput source="userName" validate={[required()]} />
+          <TextInput
+            spellCheck={false}
+            source="userName"
+            validate={[required()]}
+          />
         )}
         <TextInput
           source="name"
           validate={[required()]}
           {...getNameHelperText()}
         />
-        <TextInput source="email" validate={[email()]} />
+        <TextInput spellCheck={false} source="email" validate={[email()]} />
         <BooleanInput source="changePassword" />
         <FormDataConsumer>
           {(formDataProps) => (
-            <CurrentPasswordInput isMyself={isMyself} {...formDataProps} />
+            <CurrentPasswordInput
+              spellCheck={false}
+              isMyself={isMyself}
+              {...formDataProps}
+            />
           )}
         </FormDataConsumer>
         <FormDataConsumer>
-          {(formDataProps) => <NewPasswordInput {...formDataProps} />}
+          {(formDataProps) => (
+            <NewPasswordInput spellCheck={false} {...formDataProps} />
+          )}
         </FormDataConsumer>
 
         {permissions === 'admin' && (