Closed
Bug 1237596
Opened 8 years ago
Closed 8 years ago
autocomplete=off is being ignored by browsers
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: bjoern, Unassigned)
Details
Attachments
(1 file)
|
2.37 KB,
patch
|
dylan
:
review-
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (X11; Linux i686; rv:43.0) Gecko/20100101 Firefox/43.0 Build ID: 2015121300 Steps to reproduce: I noticed that Firefox and Chrome autocomplete username/password at places where it is not wanted and where bugzilla already uses autocomplete="off". For example in editparams.cgi?section=mta it fills in smtp_username/smtp_password which might end up bad if the admin doesn't realize that. Theses days it is more tricky to disable autocomplete. The most simple and reliable way seems to be to make the attribute readonly and "remove" the readonly via "onfocus". Patch attached.
|
||
Comment 1•8 years ago
|
||
Ewww, looks like an awful hack. Why do browsers break autocomplete=off? Shouldn't they be fixed instead of adding hacks to all webapps? :(
yes, browsers started to ignore it, because some sites use autocomplete=off and then users started using insecure passwords. That's mainly speculation though. Better ask you colleagues who work on Firefox about it to be sure :-) This is the least ugly and least intrusive hack I can find to fix autocomplete=off again.
background info: https://bugzilla.mozilla.org/show_bug.cgi?id=956906#c100
|
||
Comment 4•8 years ago
|
||
Comment on attachment 8705114 [details] [diff] [review] 0001-really-disable-autocomplete-for-modern-browsers.patch Review of attachment 8705114 [details] [diff] [review]: ----------------------------------------------------------------- I don't think fighting this browser feature is worthwhile.
Attachment #8705114 -
Flags: review-
|
|
||
Updated•8 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•