[wp-trac] [WordPress Trac] #33699: Hidden password input fields should default to disabled="disabled"
WordPress Trac
noreply at wordpress.org
Tue Sep 29 22:08:47 UTC 2015
#33699: Hidden password input fields should default to disabled="disabled"
--------------------------+---------------------------------------------
Reporter: raamdev | Owner: adamsilverstein
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Users | Version: 4.3
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: ui, javascript, administration
--------------------------+---------------------------------------------
Changes (by adamsilverstein):
* owner: => adamsilverstein
* status: new => assigned
Comment:
@raamdev: Thanks for the bug report.
I can reproduce a similar issue by going to the edit profile screen, then
telling LastPass to autofill. I'm not sure how to reproduce with one of
the browsers you mentioned
Can you give the steps to reproduce and/or try adding disabled="disabled"
attribute to all the hidden fields, including the generated one, to see if
it helps.
I'm not sure disabling the fields will change anything - currently all
fields have the parameter autocomplete="off". This is the setting that is
supposed to tell LastPass and other password managers "don't autofill this
field".
Unfortunately, it looks like LastPass ignores these settings BY DEFAULT.
To fix this issue you can set LastPass to honor the autofill parameter:
[[Image(http://cl.ly/image/1H2m0E0A0O3E/Preferences_2015-09-29_15-54-48.jpg)]]
I tested this and verified it works correctly, preventing LastPass from
filling the hidden fields even when I try to manually 'autofill'.
Can you please give it a try and let me know if this resolves your issue?
//Recommend wontfix pending feedback from reporter.//
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33699#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list