Changeset 60306

Timestamp:

06/13/2025 10:35:04 AM (4 weeks ago)

Author:

johnbillion

Message:

Login and Registration: Ensure a revealed password is reverted to the password input type upon form submission.

This means if a password has been toggled to visible by the user, or is visible by default, it gets reverted to the password type to prevent browsers from remembering it as a previously-provided value and potentially displaying it as an autofill option on non-password inputs.

Props jamieburchell, sukhendu2002, vgnavada

Fixes #62147

File:

• trunk/src/js/_enqueues/admin/user-profile.js (modified) (2 diffs)

trunk/src/js/_enqueues/admin/user-profile.js

@@ -102 +102 @@
         }
         $toggleButton = $pass1Row.find('.wp-hide-pw');
+
+        // Toggle between showing and hiding the password.
         $toggleButton.show().on( 'click', function () {
             if ( 'password' === $pass1.attr( 'type' ) ) {
@@ -111 +113 @@
             }
         });
+
+        // Ensure the password input type is set to password when the form is submitted.
+        $pass1Row.closest( 'form' ).on( 'submit', function() {
+            if ( $pass1.attr( 'type' ) === 'text' ) {
+                $pass1.attr( 'type', 'password' );
+                resetToggle( true );
+            }
+        } );
     }