Make sure form autocomplete is off on passwords inputs #1841
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
brendo
added a commit
that referenced
this pull request
Oct 15, 2013
Make sure form autocomplete is off on passwords inputs
|
Thank you for fixing this! I only noticed this last week - maybe Chrome changed some behaviour? Anyway glad it's fixed, thanks Nicolas! |
|
You are welcome! What would you think to expand the idea to the username input field too ? |
|
I did it for the smtp but forgot it for the authors.... (lame)... |
|
@brendo @henrysingleton What do you think about my last comments ? |
|
Yeah I'd say it's a good idea for the create/edit authors form as well. |
|
Sure thing, send along and I'll merge |
nitriques
added a commit
that referenced
this pull request
Jun 7, 2016
Not visible element should be made readonly, since the user can't edit them anyways. This fixes a problem where Chrome would auto-fill hidden input and the value would be saved without the user ever seeing it. We already tried to fix the problem usign a standard solution (auto-complete="off", #1843 and #1841) but it does not work. We also tried a non-standard solution (#2258) which was rejected. This change only uses standard solution, even thought it relies on javascript to make things works (it should not be a problem since the backend now heavily relies on javascript)
jensscherbl
pushed a commit
that referenced
this pull request
May 28, 2017
Not visible element should be made readonly, since the user can't edit them anyways. This fixes a problem where Chrome would auto-fill hidden input and the value would be saved without the user ever seeing it. We already tried to fix the problem usign a standard solution (auto-complete="off", #1843 and #1841) but it does not work. We also tried a non-standard solution (#2258) which was rejected. This change only uses standard solution, even thought it relies on javascript to make things works (it should not be a problem since the backend now heavily relies on javascript)
nitriques
added a commit
that referenced
this pull request
Jun 16, 2017
Not visible element should be made readonly, since the user can't edit them anyways. This fixes a problem where Chrome would auto-fill hidden input and the value would be saved without the user ever seeing it. We already tried to fix the problem usign a standard solution (auto-complete="off", #1843 and #1841) but it does not work. We also tried a non-standard solution (#2258) which was rejected. This change only uses standard solution, even thought it relies on javascript to make things works (it should not be a problem since the backend now heavily relies on javascript) Picked from 301d2b7
nitriques
added a commit
that referenced
this pull request
Jun 16, 2017
Not visible element should be made readonly, since the user can't edit them anyways. This fixes a problem where Chrome would auto-fill hidden input and the value would be saved without the user ever seeing it. We already tried to fix the problem usign a standard solution (auto-complete="off", #1843 and #1841) but it does not work. We also tried a non-standard solution (#2258) which was rejected. This change only uses standard solution, even thought it relies on javascript to make things works (it should not be a problem since the backend now heavily relies on javascript) Picked from 301d2b7
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a proposal to solve a problem I have been having since day one.
I always save my password for the login page, but this make Chrome adding my password BY DEFAULT on the create author and preferences pages.
This made my password visible throught the config.php page... Bummer.
I hope you guys like it. It not, the debate is open!