W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2011

[whatwg] <input type="password">... restrict reading value from JS?

From: Tom O'Connor <me@tom.id.au>
Date: Tue, 12 Jul 2011 00:17:23 +1000
Message-ID: <4E1B05F3.9000809@tom.id.au>
We would likely end up with some more of these lovely interfaces: 
https://online.westpac.com.au/

Try using that without a mouse and not going insane/grossly disclosing 
your input to anyone paying mild attention to your screen.

Tom

On 11/07/2011 23:29, Sean Connelly wrote:
> As a web developer, if I wanted access to the password, I would then avoid
> using the<input type="password">  field, and create my own field that reads
> characters (perhaps via onkeyup), and fakes a password field visually.
>
> I also think it's a bad idea to change the behavior of<input
> type="password">  because it will break websites that assumed they could read
> the value.  Perhaps a website checks against a user's past 10 passwords to
> see if they are using the same one, via XHR.  Or perhaps the entire login
> process is XHR.  Who knows.
Received on Monday, 11 July 2011 07:17:23 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:34 UTC