Opened 4 years ago
Closed 3 years ago
#52714 closed defect (bug) (fixed)
Add New User Autofill Bug
Reported by: | clonemykey | Owned by: | joedolson |
---|---|---|---|
Milestone: | 6.0 | Priority: | normal |
Severity: | normal | Version: | 5.6.2 |
Component: | Users | Keywords: | has-patch needs-testing commit |
Focuses: | ui, administration | Cc: |
Description
Right now when I click Add New User it auto-fills the username with my ADMIN username and then also shows my password in plain text.
Attachments (1)
Change History (13)
#3
@
4 years ago
- Keywords reporter-feedback added
- Resolution invalid deleted
- Status changed from closed to reopened
@clonemykey Which browser and/or password manager saves your username and password?
The username input currently does not discourage autocomplete, but the (plain-text) password input has autocomplete="off"
(which Chrome apparently does not honor yet).
I think we could switch the password's attribute to autocomplete="new-password"
instead. It's probably good to add the "off" value for the username as well, for any browser that supports it.
#4
@
4 years ago
@sabernhardt, the issue is only effecting us when we use Chrome for Linux. We're currently on Version 89.0.4389.90 (Official Build) (64-bit). So, it sounds like you're on to something. Using the built-in password manager for Chrome as well.
#5
@
4 years ago
- Keywords has-patch needs-testing added; reporter-feedback removed
Thanks for confirming your browser.
The attached patch worked for me with Chrome (Windows) when I applied the changes to a hosted staging site. (My local installation did not autofill before or after the patch.)
Would the autocomplete_users_for_site_admins
hook require any further adjustments to the patch?
#10
@
3 years ago
The latest patch on #43886 includes the new-password
values on the New User page (but not the off
value for the username).
Hello clonemykey,
Thanks for submit your issue.
Sorry to say that I can't see this issue in my side. https://prnt.sc/10rc5jl