All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.sonar.l10n.web.rules.Web.S1443.html Maven / Gradle / Ivy

There is a newer version: 2.6.0.1053
Show newest version

Most browsers automatically fill the content of input elements of type 'password' when this password has already been provided in the past.

Imagine that user B takes control of a machine belonging to a user A. Accessing a secured web site as user A is trivial for user B if form input elements are automatically filled in by the browser on the site's login page.

HTML 5 specifies the ability to turn this functionality off on a field-by-field basis using the autocomplete attribute, but most modern browsers ignore it in favor of their own password management.

Noncompliant Code Example

For HTML5:

<input type="password" />

Compliant Solution

For HTML5:

<input type="password" autocomplete="off" />

Deprecated

This rule is deprecated, and will eventually be removed.





© 2015 - 2024 Weber Informatics LLC | Privacy Policy