[buddypress-trac] [BuddyPress Trac] #6269: Add autocomplete="off" to bp-login widget password field
buddypress-trac
noreply at wordpress.org
Sun Mar 1 15:58:24 UTC 2015
#6269: Add autocomplete="off" to bp-login widget password field
-----------------------------+-----------------------------
Reporter: Prometheus Fire | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: API | Version:
Severity: normal | Keywords:
-----------------------------+-----------------------------
This one came from one of my corporate clients.
The password input field in the BP Login Widget throws a security warning
in IBM Security AppScan autocomplete is not disabled for password field.
This location in /buddypress/bp-core/bp-core-widgets/ on line 85.
Change from:
{{{
<input type="password" name="pwd" id="bp-login-widget-user-pass"
class="input" value="" />
}}}
Change to:
{{{
<input type="password" name="pwd" id="bp-login-widget-user-pass"
class="input" value="" autocomplete="off" />
}}}
This is a small and fairly simple fix, maybe in the next update?
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6269>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list