[wp-trac] [WordPress Trac] #41136: Login forms lacking autocomplete attributes
WordPress Trac
noreply at wordpress.org
Tue Jul 25 09:30:16 UTC 2017
#41136: Login forms lacking autocomplete attributes
-------------------------------------+------------------------------
Reporter: johnjamesjacoby | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: normal | Resolution:
Keywords: needs-patch ux-feedback | Focuses:
-------------------------------------+------------------------------
Description changed by ocean90:
Old description:
> The security team received a report via HackerOne related to
> `autocomplete` attributes being omitted from various form fields in `wp-
> login.php`. Since there is no direct security issue (and we've handled
> this type of improvement publicly previously) I'm creating a new ticket
> here to continue that.
>
> In my research, form fields in `wp_login_form()`, `show_user_form()`, and
> `show_blog_form()` need similar scrutiny and improvements.
>
> Related: https://core.trac.wordpress.org/ticket/24364
New description:
The security team received a report via HackerOne related to
`autocomplete` attributes being omitted from various form fields in `wp-
login.php`. Since there is no direct security issue (and we've handled
this type of improvement publicly previously) I'm creating a new ticket
here to continue that.
In my research, form fields in `wp_login_form()`, `show_user_form()`, and
`show_blog_form()` need similar scrutiny and improvements.
Related: #24364
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41136#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list