-
Bug
-
Resolution: Duplicate
-
Minor
-
None
-
4.0.6
-
None
-
MOODLE_400_STABLE
The LTI form mod/lti/mod_form.php field "id_password" is incorrectly autofilled by many browsers. It causes that the correct lti key is overwritten by the users password that was entered in the login form.
This issue regularly occurs with our moodle instances (about 2.700) since 4.0.x and several browsers, e.g. Chrome, Firefox. The problem is not fixed with adding "autocomplete=off" to https://github.com/moodle/moodle/blob/MOODLE_400_STABLE/mod/lti/mod_form.php#L244 because many browsers ignore this attribute-value-setting.
Changing line 244 to
$mform->addElement('password', 'password', get_string('password', 'lti'), array("autocomplete" => "off", "readonly" => "readonly", "onfocus" => "this.removeAttribute('readonly');")); |
would fix this issue but this is pretty uncool.
It would be great if you could fix this issue properly, e.g. by adding a random suffix to the field name "password".
- duplicates
-
MDL-76478 Browsers auto-completing the user's password into inappropriate password unmask form fields
- Closed