Mercurial > p > roundup > code
comparison doc/upgrading.txt @ 8058:0e382e97f0e3
fix: disable spellchecking for password fields
Some browser can send password to a server for spellchecking. This
gives the browser a strong hint that they should not spellcheck a
password. Since a Password is not supposed to be a real word in any
language, spellchecking is worthless.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 07 Jul 2024 10:49:40 -0400 |
| parents | 3ddc6a7d41de |
| children | 28aa76443f58 |
comparison
equal
deleted
inserted
replaced
| 8050:093d2e0761d4 | 8058:0e382e97f0e3 |
|---|---|
| 259 * https://mathiasbynens.be/notes/mysql-utf8mb4#utf8-to-utf8mb4 | 259 * https://mathiasbynens.be/notes/mysql-utf8mb4#utf8-to-utf8mb4 |
| 260 * https://adamhooper.medium.com/in-mysql-never-use-utf8-use-utf8mb4-11761243e434 | 260 * https://adamhooper.medium.com/in-mysql-never-use-utf8-use-utf8mb4-11761243e434 |
| 261 | 261 |
| 262 .. _issue2551282: https://issues.roundup-tracker.org/issue2551282 | 262 .. _issue2551282: https://issues.roundup-tracker.org/issue2551282 |
| 263 .. _issue2551115: https://issues.roundup-tracker.org/issue2551115 | 263 .. _issue2551115: https://issues.roundup-tracker.org/issue2551115 |
| 264 | |
| 265 Disable spellcheck on all password fields (recommended) | |
| 266 ------------------------------------------------------- | |
| 267 | |
| 268 All tracker templates have been updated to disable spell checking on | |
| 269 password input fields. This can help prevent exposing the password to | |
| 270 an external server that provides spell checking for a browser. Since | |
| 271 passwords should not be real words in any language, spell checking | |
| 272 serves no purpose. | |
| 273 | |
| 274 If you have modified your template with a "show password" option you | |
| 275 should disable spell check. | |
| 276 | |
| 277 To implement this in your deployed trackers, add:: | |
| 278 | |
| 279 spellcheck="false" | |
| 280 | |
| 281 to make your password inputs look like:: | |
| 282 | |
| 283 <input type="password" spellcheck="false" name=....> | |
| 284 | |
| 285 The changed files in the classic/devel/responsive templates are: | |
| 286 | |
| 287 .. code-block:: text | |
| 288 | |
| 289 html/page.html | |
| 290 html/user.item.html | |
| 291 | |
| 292 and in the jinja2 template the following files were changed: | |
| 293 | |
| 294 .. code-block:: text | |
| 295 | |
| 296 html/user.item.html | |
| 297 html/user.register.html | |
| 298 html/layout/navigation.html | |
| 264 | 299 |
| 265 Add new classhelper to your templates (optional) | 300 Add new classhelper to your templates (optional) |
| 266 ------------------------------------------------ | 301 ------------------------------------------------ |
| 267 | 302 |
| 268 The classic classhelper invoked by the ``(list)`` link in your | 303 The classic classhelper invoked by the ``(list)`` link in your |