Input type=password, don't let browser remember the password
I remember seeing a way to have an such that the browser will not prompt the user to save the password. But I
-
seeing as autocomplete=off is deprecated, I suggest a more recent solution.
Set your password field to a normal text field, and mask your input with "discs" using CSS. the code should look like this:
<input type="text" class="myPassword" /> input .myPassword{ text-security:disc; -webkit-text-security:disc; -mox-text-security:disc; }Please note that this may not work propely on firefox browsers, and an additional walkaround is needed. Read more about it here :https://stackoverflow.com/a/49304708/5477548.
The solution was taken from this link, but to comply with SO "no-hotlinks" i summarized it here.
讨论(0) -
I solved in another way. You can try this.
<input id="passfld" type="text" autocomplete="off" /> <script type="text/javascript"> // Using jQuery $(function(){ setTimeout(function(){ $("input#passfld").attr("type","password"); },10); }); // or in pure javascript window.onload=function(){ setTimeout(function(){ document.getElementById('passfld').type = 'password'; },10); } </script>#another way
<script type="text/javascript"> function setAutoCompleteOFF(tm){ if(typeof tm =="undefined"){tm=10;} try{ var inputs=$(".auto-complete-off,input[autocomplete=off]"); setTimeout(function(){ inputs.each(function(){ var old_value=$(this).attr("value"); var thisobj=$(this); setTimeout(function(){ thisobj.removeClass("auto-complete-off").addClass("auto-complete-off-processed"); thisobj.val(old_value); },tm); }); },tm); }catch(e){} } $(function(){ setAutoCompleteOFF(); }); </script>// you need to add attribute autocomplete="off" or you can add class .auto-complete-off into the input box and enjoy
Example:
<input id="passfld" type="password" autocomplete="off" /> OR <input id="passfld" class="auto-complete-off" type="password" />讨论(0) -
You can use JQuery, select the item by id:
$("input#Password").attr("autocomplete","off");Or select the item by type:
$("input[type='password']").attr("autocomplete","off");Or also:
You can use pure Javascript:
document.getElementById('Password').autocomplete = 'off';讨论(0) -
you can also use it like following
$('#Password').attr("autocomplete", "off"); setTimeout('$("#Password").val("");', 2000);讨论(0) -
As for security issues, here is what a security consultant will tell you on the whole field issue (this is from an actual independent security audit):
HTML Autocomplete Enabled – Password fields in HTML forms have autocomplete enabled. Most browsers have a facility to remember user credentials entered into HTML forms.
Relative Risk: Low
Affected Systems/Devices: o https://*******/
I also agree this should cover any field that contains truly private data. I feel that it is alright to force a person to always type their credit card information, CVC code, passwords, usernames, etc whenever that site is going to access anything that should be kept secure [universally or by legal compliance requirements]. For example: purchase forms, bank/credit sites, tax sites, medical data, federal, nuclear, etc - not Sites like Stack Overflow or Facebook.
Other types of sites - e.g. TimeStar Online for clocking in and out of work - it's stupid, since I always use the same PC/account at work, that I can't save the credentials on that site - strangely enough I can on my Android but not on an iPad. Even shared PCs this wouldn't be too bad since clocking in/out for someone else really doesn't do anything but annoy your supervisor. (They have to go in and delete the erroneous punches - just choose not to save on public PCs).
讨论(0) -
<input type="password" autocomplete="off" />I'd just like to add that as a user I think this is very annoying and a hassle to overcome. I strongly recommend against using this as it will more than likely aggravate your users.
Passwords are already not stored in the MRU, and correctly configured public machines will not even save the username.
讨论(0)
加载中...
- 热议问题