author | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2016-01-12 03:42:21 +0100 |
---|---|---|
committer | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2016-01-12 04:05:49 +0100 |
commit | 6687bc8fced2d5bbfec79d5d908f13448dd1e732 (patch) | |
tree | 0aec2ccc552429f06edcc02f4160556bdfea3f7d | |
parent | 4d81829ff47208ffe19eb3bd2d472a5344844374 (diff) | |
forms: Try to disable autocomplete on forms with password fields
By default browsers (Chrome at least is very aggressive) try to detect forms
with password inputs and try to insert saved passwords (for example from the
login page). The default attribute to disable this (autocomplete=off) is
sometimes ignored. Therefore we add two hidden input fields, which disable
the auto-filling at least in Chrome.
-rw-r--r-- | forms.py | 7 | ||||
-rw-r--r-- | templates/pad_change.html | 6 | ||||
-rw-r--r-- | utils/widgets.py | 12 |
3 files changed, 21 insertions, 4 deletions
@@ -2,12 +2,11 @@ from flask.ext.wtf import Form
 from wtforms import StringField, HiddenField, PasswordField, BooleanField, \
 validators, ValidationError
 from wtforms.ext.sqlalchemy.orm import model_form, ModelConverter
-from wtforms.widgets import PasswordInput
 from app import db
 from models import Group, Pad
 from utils.forms import Unique, RedirectMixin
-from utils.widgets import TextArea, Static
+from utils.widgets import TextArea, Static, PasswordInput
 CreateGroup = model_form(
@@ -50,7 +49,7 @@ _CreatePad = model_form(
 validators.Regexp('^[a-zA-Z1-9]', message=u'Pad name should not '
 'start with a special character.')]},
 'public': {'validators': []},
- 'password': {'widget': PasswordInput()},
+ 'password': {'widget': PasswordInput(autocomplete='off')},
 },
 db_session=db.session)
@@ -72,7 +71,7 @@ ChangePad = model_form(
 field_args={
 'name': {'widget': Static()},
 'public': {'validators': []},
- 'password': {'widget': PasswordInput()},
+ 'password': {'widget': PasswordInput(autocomplete='off')},
 },
 db_session=db.session)
diff --git a/templates/pad_change.html b/templates/pad_change.html
index afa0633..5e46d70 100644
--- a/templates/pad_change.html
+++ b/templates/pad_change.html
@@ -19,6 +19,12 @@
 <div class="panel-body">
 <form class="form-horizontal" role="form" method="POST">
+ <!--
+ this will prevent chrome from filling the saved login password
+ into this form (chrome ignores autocomplete=off)
+ -->
+ <input type="text" class="hidden" /><input type="password" class="hidden" />
+
 {% for field in change_form %}
 {{ render_field(field) }}
 {% endfor %}
diff --git a/utils/widgets.py b/utils/widgets.py
index 3b65b82..4ce206f 100644
--- a/utils/widgets.py
+++ b/utils/widgets.py
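Review bot: `PasswordInput(autocomplete='off')` in `_CreatePad` (and again in `ChangePad`, the next hunk) sets the one value the commit message itself says browsers ignore. For a field that sets a new secret, the HTML autocomplete token meant for that purpose is `new-password`, i.e. `'password': {'widget': PasswordInput(autocomplete='new-password')},`. The decoy inputs are added only to `templates/pad_change.html`, so the create-pad form appears to depend on this attribute alone. If a saved login password is filled in there unnoticed, it would presumably be stored as the pad password. Both `model_form(...)` calls begin above their hunks.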
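Review bot: The template comment should record that the two decoy inputs only do their job safely while they have no `name` attribute, because that is what keeps a browser-filled login password out of the POST body. As written, nothing tells a later editor not to name them. I would extend the comment with `decoys: keep them without a name so an autofilled value is never submitted`. The `hidden` class comes from a stylesheet outside this commit, so how it hides the fields, and whether Chrome still treats them as fill targets, cannot be checked from the hunk. The `<form>` element continues past the end of the hunk.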
@@ -20,3 +20,15 @@ class TextArea(wtforms.widgets.core.TextArea):
 if arg not in kwargs:
 kwargs[arg] = self.kwargs[arg]
 return super(TextArea, self).__call__(field, **kwargs)
+
+
+class PasswordInput(wtforms.widgets.core.PasswordInput):
+ def __init__(self, hide_value=True, **kwargs):
+ self.kwargs = kwargs
+ super(PasswordInput, self).__init__(hide_value)
+
+ def __call__(self, field, **kwargs):
+ for arg in self.kwargs:
+ if arg not in kwargs:
+ kwargs[arg] = self.kwargs[arg]
+ return super(PasswordInput, self).__call__(field, **kwargs) |
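Review bot: `PasswordInput.__call__` repeats the attribute-merging loop of `TextArea.__call__` line for line, and the new class has no docstring saying that `hide_value=True` is what keeps the current password value out of the rendered HTML. The merge could live in one small mixin that the password widget inherits, with the `hide_value` default documented where it is set. `TextArea` begins outside the hunk, so whether its `__init__` stores `self.kwargs` the same way is not visible here and it is left alone in the sketch below.

```python
class _DefaultAttrsMixin(object):
    """Merge widget-level default HTML attributes into each render call."""

    def __call__(self, field, **kwargs):
        # Attributes passed at render time win over the widget defaults.
        for name, value in self.kwargs.items():
            kwargs.setdefault(name, value)
        return super(_DefaultAttrsMixin, self).__call__(field, **kwargs)


class PasswordInput(_DefaultAttrsMixin, wtforms.widgets.core.PasswordInput):
    """Password widget that carries default HTML attributes."""

    def __init__(self, hide_value=True, **kwargs):
        # hide_value=True: the field's current value is not rendered back.
        self.kwargs = kwargs
        super(PasswordInput, self).__init__(hide_value)
```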