Evergreen

Turn off spellcheck for password and patron data inputs

Bug #2002327 reported by Stephanie Leary on 2023-01-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Evergreen	New	High	Unassigned

Bug Description

In Chrome and Edge, the browser spellcheck features send text input data to remote services:
https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords

We need to set spellcheck="false" on any password field that can be converted to text to let the user see what they're typing (see bug 1977554), as well as virtually everything in staff/circ/patron/edit.component.html and probably several other places I haven't thought of.

Tags:

Revision history for this message

Stephanie Leary (stephanieleary) wrote on 2023-01-09:

WIP branch here; feel free to add to this.
https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/collab/sleary/lp2002327-disable-userdata-spellcheck-wip

Stephanie Leary (stephanieleary) on 2023-01-09

tags:

added: privacy
removed: security

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.