You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First, thank you very much for developing and maintaining Geneweb.
Describe the bug
I have recently switched to the new version 7. I am running it in CGI mode. While everything works fine, I noticed that the user:password field is behaving as plain text field and not password field like it used to in the v6. As consequence, any text entered is displayed as plain text but also retained as is. This can be seen below where a text suggestion appears below the password box
This is a security issue if using a public computer. This behavior happens with Firefox 126 and Chromium 108.
Expected behavior
The password field should behave as a password field, masking the text typed and not displaying text suggestions.
I am not familiar with the code base but I suspect that changing <input type="text" with <input type="password" at least here could probably solve the issue and make Geneweb more secure.
Versions
Version of packages used to reproduce the bug:
GeneWeb version: 7.1-beta
Branch HEAD compiled on 2024-04-18 from commit 2ab85d8
Thank you top look into this!
The text was updated successfully, but these errors were encountered:
a2line
added a commit
to hgouraud/geneweb
that referenced
this issue
May 13, 2024
Dear Geneweb developer,
First, thank you very much for developing and maintaining Geneweb.
Describe the bug
I have recently switched to the new version 7. I am running it in CGI mode. While everything works fine, I noticed that the
user:password
field is behaving as plain text field and not password field like it used to in the v6. As consequence, any text entered is displayed as plain text but also retained as is. This can be seen below where a text suggestion appears below the password boxThis is a security issue if using a public computer. This behavior happens with Firefox 126 and Chromium 108.
Expected behavior
The password field should behave as a password field, masking the text typed and not displaying text suggestions.
I am not familiar with the code base but I suspect that changing
<input type="text"
with<input type="password"
at least here could probably solve the issue and make Geneweb more secure.Versions
Version of packages used to reproduce the bug:
Thank you top look into this!
The text was updated successfully, but these errors were encountered: