diff options
| author | Bernhard Posselt <dev@bernhard-posselt.com> | 2016-08-25 17:54:35 +0200 |
|---|---|---|
| committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2016-08-25 17:54:35 +0200 |
| commit | 66c8819283e7088a508bdd07e2d1693f3757d42b (patch) | |
| tree | bf4bd7d565e95b34dd4fc08e9b1b936b8314171d | |
| parent | 360a9f3054d7e25c6a5c9b1917ec33e794765c7d (diff) | |
Prevent chrome from completing basic auth credentials
| -rw-r--r-- | CHANGELOG.md | 3 | ||||
| -rw-r--r-- | templates/part.navigation.addfeed.php | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 409f3e804..efe29f936 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +news (9.0.3) +* **Security (Low)**: Prevent browsers like Chrome from auto-filling your Nextcloud login credentials into Basic Auth form. This could lead users to accidentally saving their credentials in the database and disclosing them to the feed source when the feed is added/updated + news (9.0.2) * **Bugfix**: Do not return millisecond lastModified timestamps in API, #20 diff --git a/templates/part.navigation.addfeed.php b/templates/part.navigation.addfeed.php index 663535115..c74ecb43c 100644 --- a/templates/part.navigation.addfeed.php +++ b/templates/part.navigation.addfeed.php @@ -91,7 +91,7 @@ <input type="password" ng-model="Navigation.feed.password" placeholder="<?php p($l->t('Password')); ?>" - name="password"> + name="password" autocomplete="new-password"> </div> <!-- submit --> |