[whatwg] <input type="password">... restrict reading value from JS?

Tom O'Connor me at tom.id.au
Mon Jul 11 07:17:23 PDT 2011


We would likely end up with some more of these lovely interfaces: 
https://online.westpac.com.au/

Try using that without a mouse and not going insane/grossly disclosing 
your input to anyone paying mild attention to your screen.

Tom

On 11/07/2011 23:29, Sean Connelly wrote:
> As a web developer, if I wanted access to the password, I would then avoid
> using the<input type="password">  field, and create my own field that reads
> characters (perhaps via onkeyup), and fakes a password field visually.
>
> I also think it's a bad idea to change the behavior of<input
> type="password">  because it will break websites that assumed they could read
> the value.  Perhaps a website checks against a user's past 10 passwords to
> see if they are using the same one, via XHR.  Or perhaps the entire login
> process is XHR.  Who knows.



More information about the whatwg mailing list