I have a simple password change form as below. It's part of a larger page, but this snippet serves to illustrate. There's no user identifier in this form - no login name, ID or other reference. It's not required because that information is stored as part of the session data on the server and picked up there when this form is submitted by an AJAX call.
<div id="passwordChange" >
<form id="passwordForm">
<table class="formbox dropshadow">
<thead>
<tr>
<td colspan="2">Change Password</td>
</tr>
</thead>
<tbody>
<tr>
<td><label for="currentPassword">Current Password</label></td>
<td><input id="currentPassword" name="oldPassword" type="password" required pattern=".{5,20}" title="Passwords should be between 5 and 20 characters long"></td>
</tr>
<tr>
<td><label for="newPassword">New Password</label></td>
<td><input id="newPassword" name="newPassword" type="password" required pattern=".{5,20}" title="Passwords should be between 5 and 20 characters long"></td>
</tr>
<tr>
<td><label for="confirmPassword">Confirm Password</label></td>
<td><input id="confirmPassword" name="confirmPassword" type="password" required pattern=".{5,20}" title="Passwords should be between 5 and 20 characters long"></td>
</tr>
</tbody>
<tfoot>
<tr>
<td colspan=2>
<input type="hidden" name="cmd" value="setPassword">
<input type=submit name=submit value="Change Password">
<input type=button name=cancel value="Cancel">
</td>
</tr>
</tfoot>
</table>
</form>
</div>
If I enter a password that Firefox has already stored for the domain in the first password box, and Firefox has stored that password for more than one stored user I get this box pop-up when I click Change Password:
The thing is, I might not be changing the password for any of the listed users, but I can't proceed past this point without giving Firefox an answer. This makes it impossible to change the password for a user whose password is not stored by the Firefox password manager.
Now, there may be a configuration option to enable or disable this behaviour (I'd be pleased to hear about it) but that's only good for my computer.
I want to be able to disable this behaviour as part of the page so that my customers don't run up against it.
Is there some HTML tag or attribute I can use? Is there a Javascript hack, or just a structural change I can make to the form that stops this occurring?
FWIW I'm running Firefox 37.0.2
After grappling with this for a while, I tried adding the autocomplete="off" attribute to my form. With this <input>, lo and behold, no interference from the password manager:
<input autocomplete="off" id="currentPassword" name="oldPassword" type="password" required pattern=".{5,20}" title="Passwords should be between 5 and 20 characters long">
Now, this flies in the face of the bug report referred to by Daniel A. White (see above) and notes on web pages such as this, both of which suggest that the ability to turn off autocomplete is being removed from the browser. Perhaps it is, but it seems that it doesn't apply here, which is all I am concerned about.
(The separate argument about whether browser manufacturers should be unilaterally overriding the wishes of the site designers is a debate for another place and time).
Footnote: While fiddling with this I did something that should have been obvious, but wasn't intuitive: I clicked the red X and closed the window. Password manager disappeared without updating anything and everything was as I wished. I still feel that a 'None of the Above' button, or 'Not Now' or whatever would have been friendlier.
There is no HTML tag or attribute that can accomplish that.
This is Browser specific, not webpage manipulation.
Related
I am developing a django/html application where I have a table of data. I have to make a way for my users to delete multiple rows in a table. Therefore, I have decided to add checkboxes in a list.
I know that I can include it as
<tr>
<td><input type="radio" name="item1" /></td>
<td>Item1</td>
</tr>
<tr>
<td><input type="radio" name="item2" /></td>
<td>Item2</td>
</tr>
for each item. Then in the end, I can add:
<input type="submit" name="delete" value="Delete Items" />
But this will mean that I will have to enclose my list within a <form></form>
Is this an ethical way of doing it?
I want to add this feature to my site but I also want to do it in the most professional way. Can anyone tell me if I am going in the right direction?
Since you use Django, one way would be to take advantage of what Django provides for forms.
Here are the examples from the official doc, for version 1.10:
-for the radio buttons:
https://docs.djangoproject.com/en/1.10/ref/forms/widgets/#widgets-inheriting-from-the-select-widget
-for the form:
https://docs.djangoproject.com/en/1.10/topics/forms/#building-a-form-in-django
A django form uses the form tag.
I've reviewed this post and this post, but they work for me. Those posts are 4-5 years old, so perhaps the browser rules for this have changed or gotten more specific?
Here is the form for login. There is no ajax and no javascript of any kind. I've tried changing the the input name from usernameOrEmailAddress to username and that doesn't change anything.
<form method="post" name="loginForm" id="loginForm" action="login-check.php" autocomplete="on">
<table>
<tr>
<th>Username or Email Address</th>
<td><input autofocus type="text" name="usernameOrEmailAddress" value="" required></td>
</tr>
<tr>
<th>Password</th>
<td><input id="password" type="password" name="password" value="" required title="Password"></td>
</tr>
</table>
<div class='row'>
<input class="inputsubmit button" name="login" type="submit" value="Login" />
</div>
</form>
Neither Chrome nor Firefox prompt to save the password for next time. What am I doing wrong?
Most browsers will do this automatically as long it can detect a username and a password field. Here is a picture on my computer when I just copy and pasted your code.
If it doesn't work for you, clear your cache and cookies then attempt again. Also what browser(s) are you using?
I have a form on a ModX Revo resource that looks fine and is nothing special:
<form id="contactform" action="http://mysite.com/index.php?id=41" method="send">
<tr>
<td class="orange">Name*</td>
<td><input size="24" type="text" name="name" id="name"></td>
</tr>
etc...
<tr>
<td id="tablecenter" colspan="2"><input type="submit" value="Send"></td>
</tr>
</form>
But when I hit send I just get redirected to the home page (404). The receiving resource (resource 41) is published and can be accessed fine in other ways, just not with this form action.
Tried both Send and Get methods as well as short and absolute URLs, but no difference.
Would anyone know why this would be occurring? Thanks!
(ps: FURLs are turned off on this site if it matters).
UPDATE: Seems to not just be resource 41 thats an issue - doesnt work with any resource
Used method="post" instead. Seems to work ok. Closing question
I'm creating a password reset form for use by staff at a school using Google Apps for Education. I'm using the HTMLService API to import an html file and use it as a template. Part of that file is this table:
<table id=passwords>
<tr>
<td>New Password</td>
<td>
<input name='password1' id='password1' type='password'/>
</td>
</tr>
<tr>
<td>Confirm New Password</td>
<td>
<input name='password2' id='password2' type='password'/>
</td>
</tr>
</table>
When I display this as a gadget on a Google Sites page, the type='password' is lost from the html, so passwords aren't hidden when the user types them in:
<table id="passwords-caja-guest-0___">
<tbody><tr>
<td>New Password</td>
<td>
<input autocomplete="off" id="password1-caja-guest-0___" name="password1">
</td>
</tr>
<tr>
<td>Confirm New Password</td>
<td>
<input autocomplete="off" id="password2-caja-guest-0___" name="password2">
</td>
</tr>
</tbody></table>
I can shift to using UIService instead, which has a password input widget that does hide the password, but then the other folks that are going to maintain the site after me will also have to learn UIService's rather lengthy API.
So, I'm looking for ideas on how to hide the password input in this context (i.e. just show asterisks or bullets when the user types in a password).
Congratulations! You have filed the very first bug on the new HtmlService :).
It seems that type=password is lost on the sanitization step. It's filed as bug 1487
As a workaround, this will work fine today.
<input name='password1' id='password1' />
<script>document.getElementById('password1').type='password'</script>
That is, setting the type yourself in JavaScript is working. This is only a temporary workaround though; we will fix the underlying bug asap. Thanks for the report.
Update: The underlying bug has been fixed in Caja and we will pick it up in the next Apps Script release.
the password field in the html form i have created for my webpage is displayed some masked value which i believe is the password value that im using to connect to my database(same number of characters). But the problem is only for firefox: ie and chrome is displaying correctly.
ive also tried setting the password value to null (""), it didnt help either.
The variable name for sql password, post etc are different.
this is the code...
<div id="logincont">
<div id="loginfrm">
<form name="loginform" method="post" action="index.php">
<table class="logintable">
<tr>
<td width="70px"><span class="fonts"> Username</span></td><td><input type="text" name="user" id="userfield" /></td>
</tr>
<tr>
<td width="70px"><span class="fonts"> Password</span></td><td><input type="password" name="pass" id="passfield" /></td>
</tr>
<tr>
<td></td><td><input type="submit" name="submit" value="Submit" />
</td></tr></table>
</form>
</div>
</div>
n even after clearing the cache n cookies too, its showing the same thing..
To remove saved passwords in FireFox, go to Tools -> Options, Security tab, click the Saved Passwords button, and remove the saved passwords that you want removed. Also, if you have browser toolbars or add-ons, some of them may save passwords and auto-fill them into forms. I think that the Google Toolbar does this as well, so you may need to look at the security options for that, in addition to the FireFox options.