WordPress.org

Make WordPress Core

Opened 2 months ago

Last modified 2 months ago

#43886 new feature request

Chrome autofills password over "new password" field when updating user.

Reported by: WraithKenny Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: trunk
Component: Users Keywords: 2nd-opinion needs-patch
Focuses: administration Cc:

Description

Chrome, the wonderful browser that it is, is super helpful.

When editing a user (even your own), and attempting to update the password with a nice strong one, Chrome will (helpfully) insert *your* old password into the new password field, right when you click update. (You can tell, because the length of the password will change to your passwords length).

Incognito Mode fixes it, apparently, and uninstalling Chrome in favor of Firefox seems to work too.

From what I've been able to guess, it's because of Chrome's unique implementation of completely ignoring autocomplete="off" https://bugs.chromium.org/p/chromium/issues/detail?id=370363#c7 and suggests autocomplete="new-password" instead.

Alternatively, <form autocomplete="off"> could possibly work. https://stackoverflow.com/questions/15738259/disabling-chrome-autofill

It does seem to make sense to disable autocomplete completely on the edit-user form, since it's not actually useful to fill in some random user's info with info from your browser...especially passwords...despite what Chrome seems to believe.

Change History (1)

#1 @WraithKenny
2 months ago

  • Type changed from defect (bug) to feature request
  • Version set to trunk
Note: See TracTickets for help on using tickets.