[whatwg] <input type="password">... restrict reading value from JS?
Bjartur Thorlacius
svartman95 at gmail.com
Mon Jul 11 10:11:22 PDT 2011
Þann sun 10.júl 2011 08:08, skrifaði Alex Vincent:
> /**
> * Check if a password field's value matches another.
> *
> * @param otherPassword Another password element.
> *
> * @throws Error if this.type != "password"
> * @throws Error if other.type != "password"
> *
> * @returns Boolean True if the fields match.
> */
> boolean passwordEquals(in HTMLInputElement otherPassword);
>
I believe this to belong to CSS. User agents could either ask or require
users to input error-prone and important fields twice, without
submitting the same value twice. This could be the default rendering (in
some UAs) for strong inputs (i.e. <input> descendants of <strong>). This
has the potential benefit of allowing media-aware prefixes for locales
where that makes sense (as in 'Retype Password' vs 'Confirm Password').
Note that the confirmation input in
<http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#the-required-attribute>
is optional.
<!DOCTYPE html>
<title>Register a FooBar account</title>
<form action=register method=POST>
<label>Username <input name=user required></label>
<strong><input type=password name=pass required></strong>
</form>
> /**
> * Check the strength of the password.
> *
> * @param type The type of check to execute.
> *
> * @returns 0 if dangerously low security
> * @returns 1 if "soon-to-be-deprecated" low security
> * @returns 2 if adequate security
> * @returns 3 if good security
> * @returns 4 if strong security
> * @returns 5 if entropy-death-of-the-universe security :-)
> */
> unsigned octet passwordStrength(in DOMString type);
>
I don't think this is a good idea. Can't user-agents warn about insecure
passwords without the help of author-supplied scripts?
More information about the whatwg
mailing list