diff --git a/Services/Init/classes/class.ilStartUpGUI.php b/Services/Init/classes/class.ilStartUpGUI.php
index adfb5fe3ae9c..d14c775e44a5 100755
--- a/Services/Init/classes/class.ilStartUpGUI.php
+++ b/Services/Init/classes/class.ilStartUpGUI.php
@@ -529,7 +529,7 @@ protected function initStandardLoginForm(): ilPropertyFormGUI
 $pi->setRetype(false);
 $pi->setSkipSyntaxCheck(true);
 $pi->setSize(20);
- $pi->setDisableHtmlAutoComplete(false);
+ $pi->setDisableHtmlAutoComplete(true);
 $pi->setRequired(true);
 $form->addItem($pi);
diff --git a/src/UI/Component/Input/Field/Factory.php b/src/UI/Component/Input/Field/Factory.php
index 675eaf5ba801..41a940bfd398 100644
--- a/src/UI/Component/Input/Field/Factory.php
+++ b/src/UI/Component/Input/Field/Factory.php
@@ -320,6 +320,12 @@ public function tag(string $label, array $tags, ?string $byline = null): Tag;
 * rules:
 * usage:
 * 1: Password Input MUST be used for passwords.
+ * composition:
+ * 1: >
+ * The input MUST always be rendered with the attribute autocomplete="off".
+ * This advises browsers to NOT autofill the input field with cached passwords
+ * and avoids potential exposure of confidential data, especially in
+ * shared environments.
 * interaction:
 * 1: >
 * Password Input SHOULD NOT limit the number of characters.
diff --git a/src/UI/templates/default/Input/tpl.password.html b/src/UI/templates/default/Input/tpl.password.html
index 93e0f244cc13..2da5448c6c5c 100644
--- a/src/UI/templates/default/Input/tpl.password.html
+++ b/src/UI/templates/default/Input/tpl.password.html
@@ -1,5 +1,5 @@
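Review bot: `$pi->setDisableHtmlAutoComplete(true)` on the login password field in initStandardLoginForm() is only a hint, because current browsers and password managers commonly ignore `autocomplete="off"` on login password inputs, so it does not by itself keep stored credentials out of the field on a shared machine. I would say so at the call, e.g. `// autocomplete="off" is advisory; browsers may still offer saved logins, so this is not a security control`. The same applies to the new composition rule in the Factory.php hunk, which says the attribute "avoids potential exposure of confidential data"; wording such as "reduces the chance of" would match what the attribute can deliver. Making it a MUST for every Password Input also appears to rule out `autocomplete="new-password"` on registration or change-password forms, so a SHOULD with that exception may fit better. The body of initStandardLoginForm() continues outside the hunk, so I could not check whether the username field is treated the same way.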