[TASK] Mitigate browser "spell jacking" in form elements
Having manually(!) enabled "enhanced spell checking" in browsers, can lead to scenarios where password data is sent to remote services which actually take care of the spell checking. see https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords Since this issue is caused by browsers and the determination of "confidentiality" is fuzzy here, this issue is handled in public. Following changes have been applied: + forms dealing mainly with credentials, as well as all forms in ext:install have been adjusted to `<form ... spellcheck="false">` + other password form elements, including TCA type `password` have been adjusted to `<input type="password" ... spellcheck="false">` Resolves: #98492 Releases: main Change-Id: I32cab686040e09fb491a93187a3c1b196e7cf1bf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75930 Tested-by:core-ci <typo3@b13.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Benjamin Franzke <bfr@qbus.de> Reviewed-by:
Torben Hansen <derhansen@gmail.com> Reviewed-by:
Showing
- typo3/sysext/backend/Classes/Form/Element/PasswordElement.php 1 addition, 0 deletions...3/sysext/backend/Classes/Form/Element/PasswordElement.php
- typo3/sysext/backend/Resources/Private/Layouts/Login.html 1 addition, 1 deletiontypo3/sysext/backend/Resources/Private/Layouts/Login.html
- typo3/sysext/backend/Resources/Private/Templates/Login/ResetPasswordForm.html 2 additions, 0 deletions.../Resources/Private/Templates/Login/ResetPasswordForm.html
- typo3/sysext/backend/Resources/Private/Templates/Login/UserPassLoginForm.html 2 additions, 0 deletions.../Resources/Private/Templates/Login/UserPassLoginForm.html
- typo3/sysext/felogin/Resources/Private/Templates/Login/Login.html 2 additions, 2 deletions...sext/felogin/Resources/Private/Templates/Login/Login.html
- typo3/sysext/install/Resources/Private/Partials/Settings/ExtensionConfiguration/ExtensionForm.html 1 addition, 1 deletion...rtials/Settings/ExtensionConfiguration/ExtensionForm.html
- typo3/sysext/install/Resources/Private/Templates/BackendModule/BackendUserConfirmation.html 1 addition, 1 deletion...vate/Templates/BackendModule/BackendUserConfirmation.html
- typo3/sysext/install/Resources/Private/Templates/Environment/MailTest.html 1 addition, 1 deletion...all/Resources/Private/Templates/Environment/MailTest.html
- typo3/sysext/install/Resources/Private/Templates/Installer/ShowDatabaseConnect.html 1 addition, 1 deletion...rces/Private/Templates/Installer/ShowDatabaseConnect.html
- typo3/sysext/install/Resources/Private/Templates/Installer/ShowDatabaseData.html 1 addition, 1 deletion...sources/Private/Templates/Installer/ShowDatabaseData.html
- typo3/sysext/install/Resources/Private/Templates/Installer/ShowDatabaseSelect.html 1 addition, 1 deletion...urces/Private/Templates/Installer/ShowDatabaseSelect.html
- typo3/sysext/install/Resources/Private/Templates/Installer/ShowDefaultConfiguration.html 1 addition, 1 deletion...Private/Templates/Installer/ShowDefaultConfiguration.html
- typo3/sysext/install/Resources/Private/Templates/Login/ShowLogin.html 1 addition, 1 deletion.../install/Resources/Private/Templates/Login/ShowLogin.html
- typo3/sysext/install/Resources/Private/Templates/Maintenance/CreateAdmin.html 1 addition, 1 deletion.../Resources/Private/Templates/Maintenance/CreateAdmin.html
- typo3/sysext/install/Resources/Private/Templates/Settings/ChangeInstallToolPassword.html 1 addition, 1 deletion...Private/Templates/Settings/ChangeInstallToolPassword.html
Please register or sign in to comment