openstack/horizon
Code Issues Proposed changes

Implements the autocomplete attribute on the login form

Browse Source 
The current login form allows the browser to automatically complete the authentication credentials based on saved values. This presents a security risk as described in bug 1116168.

This commit adds the autocomplete attribute to the form tag for the login page to prevent this behaviour.

Change-Id: I1b218b2db787c1581134f9bd80904c161d20b4c3
Fixes: bug #1116168
This commit is contained in:
Jesse Pretorius
2013-02-05 19:28:34 +02:00
parent f36efbb875
commit fea8f873ad
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
horizon/templates/auth/_login.html
View File

@@ -5,6 +5,7 @@
{% block modal_class %}login {% if hide %}modal hide{% endif %}{% endblock %}
{% block form_action %}{% url login %}{% endblock %}
{% block autocomplete %}off{% endblock %}
{% block modal-body %}
<fieldset>

2
horizon/templates/horizon/common/_modal_form.html
View File

@@ -9,7 +9,7 @@
</div>
<hr />
{% endif %}
<form id="{% block form_id %}{% endblock %}" class="{% block form_class %}{% endblock %}" action="{% block form_action %}{% endblock %}" method="{% block form-method %}POST{% endblock %}" {% if add_to_field %}data-add-to-field="{{ add_to_field }}"{% endif %} {% block form_attrs %}{% endblock %}>{% csrf_token %}
<form id="{% block form_id %}{% endblock %}" autocomplete="{% block autocomplete %}{% endblock %}" class="{% block form_class %}{% endblock %}" action="{% block form_action %}{% endblock %}" method="{% block form-method %}POST{% endblock %}" {% if add_to_field %}data-add-to-field="{{ add_to_field }}"{% endif %} {% block form_attrs %}{% endblock %}>{% csrf_token %}
<div class="modal-body clearfix">
{% block modal-body %}
<fieldset>