Hello Jordi, That's a problem indeed. It is caused by a mix of server-side and client-side manipulations of stylesheet classes. I made it consistent; fix will appear in git soon.
Best regards, Wim. 2012/6/11 Jordi Rovira <[email protected]>: > Hello, > > First, a small context introduction: I am developing my company websire > website using Wt, and enjoying it very much so far. Thanks for making this > framework open. > > Now, to the issue: There is a small security problem that may end up > showing user's passwords on screen if the user is not careful. I have found > it on my site, based on the last stable release, but also in your site's > Blog. The steps to reproduce it are simple: > > - Go to blog website: http://www.webtoolkit.eu/wt/blog > - Type a valid (existing) user name in the login box. > - Don't type anything in the password box, and click the Login button. > - The system nicely complains about the password, putting its entry in > red. > - However if you click on it and type your password now, it will be > visible (as if the password entry field is no longer type="password"). > > Not really a big security problem, but it would be good to fix it... > > Regards, > > Jordi > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > witty-interest mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/witty-interest > ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ witty-interest mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/witty-interest
