[whatwg] <input type="password">... restrict reading value from JS?
Tom O'Connor
me at tom.id.au
Mon Jul 11 07:17:23 PDT 2011
We would likely end up with some more of these lovely interfaces:
https://online.westpac.com.au/
Try using that without a mouse and not going insane/grossly disclosing
your input to anyone paying mild attention to your screen.
Tom
On 11/07/2011 23:29, Sean Connelly wrote:
> As a web developer, if I wanted access to the password, I would then avoid
> using the<input type="password"> field, and create my own field that reads
> characters (perhaps via onkeyup), and fakes a password field visually.
>
> I also think it's a bad idea to change the behavior of<input
> type="password"> because it will break websites that assumed they could read
> the value. Perhaps a website checks against a user's past 10 passwords to
> see if they are using the same one, via XHR. Or perhaps the entire login
> process is XHR. Who knows.
More information about the whatwg
mailing list