Make WordPress Core

Opened 4 years ago

Last modified 2 years ago

#41136 new defect (bug)

Login forms lacking autocomplete attributes

Reported by: johnjamesjacoby Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords: needs-patch
Focuses: Cc:

Description (last modified by ocean90)

The security team received a report via HackerOne related to autocomplete attributes being omitted from various form fields in wp-login.php. Since there is no direct security issue (and we've handled this type of improvement publicly previously) I'm creating a new ticket here to continue that.

In my research, form fields in wp_login_form(), show_user_form(), and show_blog_form() need similar scrutiny and improvements.

Related: #24364

Attachments (1)

41136.patch (2.4 KB) - added by dhanendran 4 years ago.
autocomplete attribute added

Download all attachments as: .zip

Change History (8)

#1 @netweb
4 years ago

Related: #buddypress6269 "Add autocomplete="off" to bp-login widget password field"

There's some useful prior research links in the above ticket

#2 @ocean90
4 years ago

  • Description modified (diff)

4 years ago

autocomplete attribute added

#3 @afercia
4 years ago

  • Component changed from Users to Login and Registration

This ticket was mentioned in Slack in #design by karmatosed. View the logs.

3 years ago

#5 @melchoyce
3 years ago

What UX feedback is needed here?

This ticket was mentioned in Slack in #design by karmatosed. View the logs.

2 years ago

#7 @melchoyce
2 years ago

  • Keywords ux-feedback removed

Removing ux-feedback for now. Feel free to re-add if the ticket picks back up.

Note: See TracTickets for help on using tickets.