org.sonar.l10n.web.rules.Web.S1443.html Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of sonar-web-plugin Show documentation
Show all versions of sonar-web-plugin Show documentation
Enables scanning of HTML, and JSP/JSF files.
Most browsers automatically fill the content of input elements of type 'password' when this password has already been provided in the past.
Imagine that user B takes control of a machine belonging to a user A. Accessing a secured web site as user A is trivial for user B if form input
elements are automatically filled in by the browser on the site's login page.
HTML 5 specifies the ability to turn this functionality off on a field-by-field basis using the autocomplete
attribute, but most
modern browsers ignore it in favor of their own password management.
Noncompliant Code Example
For HTML5:
<input type="password" />
Compliant Solution
For HTML5:
<input type="password" autocomplete="off" />
Deprecated
This rule is deprecated, and will eventually be removed.
© 2015 - 2024 Weber Informatics LLC | Privacy Policy