[wp-trac] [WordPress Trac] #56763: Disable spellcheck for all password fields for better privacy
WordPress Trac
noreply at wordpress.org
Thu Jan 19 08:51:55 UTC 2023
#56763: Disable spellcheck for all password fields for better privacy
------------------------------------+-----------------------
Reporter: dziudek | Owner: audrasjb
Type: enhancement | Status: closed
Priority: normal | Milestone: 6.2
Component: Login and Registration | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch commit | Focuses: privacy
------------------------------------+-----------------------
Changes (by audrasjb):
* status: reviewing => closed
* resolution: => fixed
Comment:
In [changeset:"55094" 55094]:
{{{
#!CommitTicketReference repository="" revision="55094"
Login and Registration: Disable spellcheck for password fields.
This changeset adds `spellcheck="false"` attribute to various password
fields.
The spellcheck global attribute defines whether the element may be checked
for spelling errors. The `false` value indicates that the element should
not be checked for spelling errors, which is relevant for a password
field.
Furthermore, and as per MDN specs, using spellchecking can have
consequences for users' security and privacy. The specification does not
regulate how spellchecking is done and the content of the element may be
sent to a third party for spellchecking results. Thus, it is recommended
to set `spellcheck` attribute to `false` for elements that can contain
sensitive information. Which is the case for password fields.
Props dziudek, audrasjb, gainesm, fosuahmed.
Fixes #56763.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56763#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list