You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This issue is 2 years old — any thoughts on moving it forward? I'd be happy to try and submit a pull request if you can give me a sense of what's involved here.
I'm not sure if it is possible. It's most certainly not possible in 3.x, and in 4.x there's the new env['action_dispatch.parameter_filter'] with a lambda form, which makes it possible, but in order for it to figure out what fields are password fields we'd need our captcha object to be globally scoped, and that introduces all sorts of threading issues and....
Basically it's just a huge clusterfuck and you probably shouldn't be encoding password fields with negative_captcha. I might be amenable to removing them from the project entirely.
Stop leaking user supplied values entered into password fields protected with negative captcha into log files.
The text was updated successfully, but these errors were encountered: