From d47d3d6289a29d9323b885e373e435692ff38799 Mon Sep 17 00:00:00 2001
From: Tim Bongers <117283193+tbongers-cat@users.noreply.github.com>
Date: Fri, 18 Aug 2023 14:27:57 +0200
Subject: [PATCH] UI/Init: Add autocomplete="off" for password fields (#6149)
---
 Services/Init/classes/class.ilStartUpGUI.php | 2 +-
 src/UI/Component/Input/Field/Factory.php | 6 +++++
 .../templates/default/Input/tpl.password.html | 2 +-
 .../Input/Field/PasswordInputTest.php | 27 +++++++++----------
 4 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/Services/Init/classes/class.ilStartUpGUI.php b/Services/Init/classes/class.ilStartUpGUI.php
index adfb5fe3ae9c..d14c775e44a5 100755
--- a/Services/Init/classes/class.ilStartUpGUI.php
+++ b/Services/Init/classes/class.ilStartUpGUI.php
@@ -529,7 +529,7 @@ protected function initStandardLoginForm(): ilPropertyFormGUI
 $pi->setRetype(false);
 $pi->setSkipSyntaxCheck(true);
 $pi->setSize(20);
- $pi->setDisableHtmlAutoComplete(false);
+ $pi->setDisableHtmlAutoComplete(true);
 $pi->setRequired(true);
 $form->addItem($pi);
diff --git a/src/UI/Component/Input/Field/Factory.php b/src/UI/Component/Input/Field/Factory.php
index 675eaf5ba801..41a940bfd398 100644
--- a/src/UI/Component/Input/Field/Factory.php
+++ b/src/UI/Component/Input/Field/Factory.php
@@ -320,6 +320,12 @@ public function tag(string $label, array $tags, ?string $byline = null): Tag;
 * rules:
 * usage:
 * 1: Password Input MUST be used for passwords.
+ * composition:
+ * 1: >
+ * The input MUST always be rendered with the attribute autocomplete="off".
+ * This advises browsers to NOT autofill the input field with cached passwords
+ * and avoids potential exposure of confidential data, especially in
+ * shared environments.
 * interaction:
 * 1: >
 * Password Input SHOULD NOT limit the number of characters.
diff --git a/src/UI/templates/default/Input/tpl.password.html b/src/UI/templates/default/Input/tpl.password.html
index 93e0f244cc13..2da5448c6c5c 100644
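Review bot: In `initStandardLoginForm()`, `setDisableHtmlAutoComplete(true)` should not be relied on to keep stored credentials out of the login form, because current browsers and password managers commonly ignore `autocomplete="off"` on login password fields. The same applies to the rationale added to the Factory.php docblock, where "avoids potential exposure of confidential data" reads as a guarantee; "may reduce" would be more accurate. Where the attribute is honoured it also works against password-manager use, so the trade-off deserves a comment above the call, for example `// Advisory only: browsers may still offer saved credentials; shared-device exposure needs logout/session controls.` The function body starts and ends outside this hunk, so how the username field is configured is not visible here.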
--- a/src/UI/templates/default/Input/tpl.password.html
+++ b/src/UI/templates/default/Input/tpl.password.html
@@ -1,5 +1,5 @@