Summary: The input-security property allows password fields to be
unmasked. This allows pages to make "reveal password" buttons etc.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1735384
Standard: https://drafts.csswg.org/css-ui-4/#input-security
Platform coverage: All
Preference: layout.css.input-security.enabled
DevTools bug: N/A
Other browsers:
* WebKit and Blink allow doing this via the prefixed -webkit-text-security.
* WebKit has implemented the standard property already:
https://bugs.webkit.org/show_bug.cgi?id=184510
web-platform-tests: They exist, and they pass with my patch.
Let me know if there's any concern with this property. We have unmasking
capabilities for autofilled passwords already, this basically gives the
page authors the tool to do the same.
I could see this perhaps being used maliciously, though then again, a
page can also switch input.type to "text" to reveal the password using
JS, so...
-- Emilio