[wp-trac] [WordPress Trac] #35707: On installation page, autocompleted password should not be visible.
WordPress Trac
noreply at wordpress.org
Sat Feb 15 16:48:40 UTC 2020
#35707: On installation page, autocompleted password should not be visible.
-------------------------------------------------+---------------------
Reporter: smerriman | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone:
Component: Upgrade/Install | Version: 4.3
Severity: normal | Resolution:
Keywords: needs-testing has-patch 2nd-opinion | Focuses:
-------------------------------------------------+---------------------
Changes (by bookdude13):
* keywords: needs-patch needs-testing => needs-testing has-patch 2nd-
opinion
Comment:
Looking into this further, the original
[https://make.wordpress.org/core/2015/05/11/the-plan-for-passwords/ Plan
for Passwords] had the objective of keeping passwords visible in plain
text. Patch 35707.2 would go directly against that. However, the login
form in wp-login.php line 1364 sets the input field to `type="password"`
initially as well, so that might be a moot point.
Further, the patch 35707.2 is not working for me anymore, since Chrome's
autofill makes the password visible even if it would normally be hidden.
If autofill isn't enabled then the password would start hidden with the
patch, the opposite of what makes sense. And the password field on the
install page should normally be `type="text"` to show the generated
password when autofill isn't used.
Patch 35707.1 would work for now, but needs some sort of
[https://github.com/tbosch/autofill-event polyfill] for it to function on
other browsers (currently not working on Firefox).
The question to advance this ticket: should we use an approach like
35707.1 with a polyfill, or should we not deal with this?
@smerriman is this still an issue for you, or have you found a workaround
for your case?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35707#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list