[wp-trac] [WordPress Trac] #56763: Disable spellcheck for all password fields for better privacy
WordPress Trac
noreply at wordpress.org
Sat Oct 8 09:48:18 UTC 2022
#56763: Disable spellcheck for all password fields for better privacy
-------------------------+-----------------------------
Reporter: dziudek | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: major | Keywords: has-patch
Focuses: privacy |
-------------------------+-----------------------------
According to discovery described in this article:
https://www.bleepingcomputer.com/news/security/google-microsoft-can-get-
your-passwords-via-web-browsers-spellcheck/
All password fields generated in WordPress should have attribute
`spellcheck="false"`. It will prevent browser from sending passwords to
the Google Chrome spellchecking service if Enhanced Spellcheck is enabled.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56763>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list