-
-
Notifications
You must be signed in to change notification settings - Fork 212
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make sure form autocomplete is off on passwords inputs #1841
Conversation
Make sure form autocomplete is off on passwords inputs
Thank you for fixing this! I only noticed this last week - maybe Chrome changed some behaviour? Anyway glad it's fixed, thanks Nicolas! |
You are welcome! What would you think to expand the idea to the username input field too ? |
I did it for the smtp but forgot it for the authors.... (lame)... |
@brendo @henrysingleton What do you think about my last comments ? |
Yeah I'd say it's a good idea for the create/edit authors form as well. |
Sure thing, send along and I'll merge |
Not visible element should be made readonly, since the user can't edit them anyways. This fixes a problem where Chrome would auto-fill hidden input and the value would be saved without the user ever seeing it. We already tried to fix the problem usign a standard solution (auto-complete="off", #1843 and #1841) but it does not work. We also tried a non-standard solution (#2258) which was rejected. This change only uses standard solution, even thought it relies on javascript to make things works (it should not be a problem since the backend now heavily relies on javascript)
Not visible element should be made readonly, since the user can't edit them anyways. This fixes a problem where Chrome would auto-fill hidden input and the value would be saved without the user ever seeing it. We already tried to fix the problem usign a standard solution (auto-complete="off", #1843 and #1841) but it does not work. We also tried a non-standard solution (#2258) which was rejected. This change only uses standard solution, even thought it relies on javascript to make things works (it should not be a problem since the backend now heavily relies on javascript)
Not visible element should be made readonly, since the user can't edit them anyways. This fixes a problem where Chrome would auto-fill hidden input and the value would be saved without the user ever seeing it. We already tried to fix the problem usign a standard solution (auto-complete="off", #1843 and #1841) but it does not work. We also tried a non-standard solution (#2258) which was rejected. This change only uses standard solution, even thought it relies on javascript to make things works (it should not be a problem since the backend now heavily relies on javascript) Picked from 301d2b7
Not visible element should be made readonly, since the user can't edit them anyways. This fixes a problem where Chrome would auto-fill hidden input and the value would be saved without the user ever seeing it. We already tried to fix the problem usign a standard solution (auto-complete="off", #1843 and #1841) but it does not work. We also tried a non-standard solution (#2258) which was rejected. This change only uses standard solution, even thought it relies on javascript to make things works (it should not be a problem since the backend now heavily relies on javascript) Picked from 301d2b7
This is a proposal to solve a problem I have been having since day one.
I always save my password for the login page, but this make Chrome adding my password BY DEFAULT on the create author and preferences pages.
This made my password visible throught the config.php page... Bummer.
I hope you guys like it. It not, the debate is open!