Mercurial > p > roundup > code
diff share/roundup/templates/devel/html/page.html @ 8058:0e382e97f0e3
fix: disable spellchecking for password fields
Some browser can send password to a server for spellchecking. This
gives the browser a strong hint that they should not spellcheck a
password. Since a Password is not supposed to be a real word in any
language, spellchecking is worthless.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 07 Jul 2024 10:49:40 -0400 |
| parents | a27f30709d46 |
| children | 2bf0c4e7795e |
line wrap: on
line diff
--- a/share/roundup/templates/devel/html/page.html Mon Jul 01 20:16:45 2024 -0400 +++ b/share/roundup/templates/devel/html/page.html Sun Jul 07 10:49:40 2024 -0400 @@ -163,7 +163,7 @@ <li> <tal:span i18n:translate="">Login</tal:span><br/> <input size="10" required name="__login_name"/><br/> - <input size="10" type="password" required name="__login_password"/><br/> + <input size="10" spellcheck="false" type="password" required name="__login_password"/><br/> <input name="@csrf" type="hidden" tal:attributes="value python:utils.anti_csrf_nonce()"> <input type="hidden" name="@action" value="Login"/> @@ -431,9 +431,9 @@ tal:attributes="id name; name name; value value; readonly not:edit_ok" value="heinz"/> <!-- password: type; no initial value --> - <input metal:define-macro="user_pw_input" type="password" + <input metal:define-macro="user_pw_input" spellcheck="false" type="password" tal:attributes="id name; name name; readonly not:edit_ok" value=""/> - <input metal:define-macro="user_confirm_input" type="password" + <input metal:define-macro="user_confirm_input" spellcheck="false" type="password" tal:attributes="id string:confirm_$name; name string:@confirm@$name; readonly not:edit_ok" value=""/> <!-- SHA: ca32e5f43efcb7c3b4940df6f7a176f6990b15f0 -->