16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
51 lines
1.2 KiB
Plaintext
51 lines
1.2 KiB
Plaintext
== Why is this an issue?
|
|
|
|
Most browsers automatically fill the content of input elements of type 'password' when this password has already been provided in the past.
|
|
|
|
|
|
Imagine that user B takes control of a machine belonging to a user A. Accessing a secured web site as user A is trivial for user B if form input elements are automatically filled in by the browser on the site's login page.
|
|
|
|
|
|
HTML 5 specifies the ability to turn this functionality off on a field-by-field basis using the ``++autocomplete++`` attribute, but most modern browsers ignore it in favor of their own password management.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
For HTML5:
|
|
|
|
[source,html]
|
|
----
|
|
<input type="password" />
|
|
----
|
|
|
|
|
|
=== Compliant solution
|
|
|
|
For HTML5:
|
|
|
|
[source,html]
|
|
----
|
|
<input type="password" autocomplete="off" />
|
|
----
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Set the "autocomplete" attribute of this password input to "off".
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 31 Oct 2013, 10:18:22 Freddy Mallet wrote:
|
|
Is implemented by \http://jira.codehaus.org/browse/SONARPLUGINS-3221
|
|
|
|
endif::env-github,rspecator-view[]
|