- From: Bjartur Thorlacius <svartman95@gmail.com>
- Date: Mon, 11 Jul 2011 17:11:22 +0000
?ann sun 10.j?l 2011 08:08, skrifa?i Alex Vincent: > /** > * Check if a password field's value matches another. > * > * @param otherPassword Another password element. > * > * @throws Error if this.type != "password" > * @throws Error if other.type != "password" > * > * @returns Boolean True if the fields match. > */ > boolean passwordEquals(in HTMLInputElement otherPassword); > I believe this to belong to CSS. User agents could either ask or require users to input error-prone and important fields twice, without submitting the same value twice. This could be the default rendering (in some UAs) for strong inputs (i.e. <input> descendants of <strong>). This has the potential benefit of allowing media-aware prefixes for locales where that makes sense (as in 'Retype Password' vs 'Confirm Password'). Note that the confirmation input in <http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#the-required-attribute> is optional. <!DOCTYPE html> <title>Register a FooBar account</title> <form action=register method=POST> <label>Username <input name=user required></label> <strong><input type=password name=pass required></strong> </form> > /** > * Check the strength of the password. > * > * @param type The type of check to execute. > * > * @returns 0 if dangerously low security > * @returns 1 if "soon-to-be-deprecated" low security > * @returns 2 if adequate security > * @returns 3 if good security > * @returns 4 if strong security > * @returns 5 if entropy-death-of-the-universe security :-) > */ > unsigned octet passwordStrength(in DOMString type); > I don't think this is a good idea. Can't user-agents warn about insecure passwords without the help of author-supplied scripts?
Received on Monday, 11 July 2011 10:11:22 UTC