[wp-trac] [WordPress Trac] #43886: Chrome autofills password over "new password" field when updating user.
WordPress Trac
noreply at wordpress.org
Fri Apr 27 21:25:28 UTC 2018
#43886: Chrome autofills password over "new password" field when updating user.
----------------------------+-------------------------------------
Reporter: WraithKenny | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: normal | Keywords: 2nd-opinion needs-patch
Focuses: administration |
----------------------------+-------------------------------------
Chrome, the wonderful browser that it is, is super helpful.
When editing a user (even your own), and attempting to update the password
with a nice strong one, Chrome will (helpfully) insert *your* old password
into the new password field, right when you click update. (You can tell,
because the length of the password will change to your passwords length).
Incognito Mode fixes it, apparently, and uninstalling Chrome in favor of
Firefox seems to work too.
From what I've been able to guess, it's because of Chrome's unique
implementation of completely ignoring `autocomplete="off"`
https://bugs.chromium.org/p/chromium/issues/detail?id=370363#c7 and
suggests `autocomplete="new-password"` instead.
Alternatively, `<form autocomplete="off">` could possibly work.
https://stackoverflow.com/questions/15738259/disabling-chrome-autofill
It does seem to make sense to disable autocomplete completely on the edit-
user form, since it's not actually useful to fill in some random user's
info with info from your browser...especially passwords...despite what
Chrome seems to believe.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43886>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list