All geek questions in one place

The cleanest way to hide password fields?

We have an error message code which, when an unhandled exception occurs, we send everything by email to our groups. This is great, except when an unhandled exception occurs on the page with the password field, after which it is sent as plain text.

Is there a way to iterate through Request.Form and find out which items are passwords? This is done at a low level, so we cannot look for specific controls.

Naturally, we could check what type of input field, but I'm not sure if this is the cleanest way. Advice?

+3
source share
5 answers

, .

, POSTed . - , . , .

, , . / .. , .

+2

, , . , , . , , , :

script, , , :

function collectPasswordFields() {
    var inputs = document.getElementsByTagName('input'), list = [];
    for (var i = 0; i < inputs.length; ++i)
        if (inputs[i].type == 'password') list.push(inputs[i].name);
    var field = document.createElement('input');
    field.name = '__password_fields';
    field.value = list.join(',');
    document.getElementsByTagName('form')[0].appendChild(field);
}

.

- ?

+2

- type .

HTML5 , input type=password:

type, "password", .

: ( )
: ,

User Agent, , HTML 2. , , .

( ), :

function hidePasswords() {
    var inputs = document.getElementsByTagName('input');
    for (var i = 0; i < inputs.length; ++i)
        if (inputs[i].type == 'password') input[i].value = '*****';
}
0

, /. , .

0

A few solutions, although I'm not sure how bright they are:

1) Keep a list of input identifiers that are passwords on the page, pass this list to the exception handler with the expectation of ignoring these fields.

2) Save the resource file on the website with the page name, field ID and checking the exception handler with this resource file (may not work if the exception is related to the ResourceManager)

3) Keep the database table as with idea 2. There are the same problems.

0
source

Source: https://habr.com/ru/post/1761937/

More articles:


All Articles