git724/forgejo
1
0
Fork 0
Code Issues Pull requests 3 Projects 1 Releases Packages Wiki Activity
forgejo/templates/user/auth/twofa_scratch.tmpl
0ko e3ba342665 fix(ui): disable spellcheck on TOTP form fields (#7868) 
Ref https://codeberg.org/forgejo/forgejo/issues/7842#issuecomment-4574366

Currently browsers could offer spellcheck on these fields, my browser does.

MDN [recommends](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Global_attributes/spellcheck#security_and_privacy_concerns) that on fields with sensitive information this property is set to `false` in case 3rd party not-fully-trusted spellchecking service is used. I consider these fields as containing sensitive information, and spellcheck is not useful on them anyway.

### Testing

There's currently no integration testing for these TOTP forms. I do plan to add some in my other TOTP-related work.

I tested that this did change the behavior in my browser and don't think we need additional testing right now.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7868
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2025-05-14 23:04:43 +00:00

26 lines
955 B
Go HTML Template
Raw Blame History

{{template "base/head" .}}
<div role="main" aria-label="{{.Title}}" class="page-content user signin">
<div class="ui middle very relaxed page grid">
<div class="column">
<form class="ui form tw-max-w-2xl tw-m-auto" action="{{.Link}}" method="post">
{{.CsrfTokenHtml}}
<h3 class="ui top attached header">
{{ctx.Locale.Tr "twofa_scratch"}}
</h3>
<div class="ui attached segment">
{{template "base/alert" .}}
<div class="required field">
<label for="token">{{ctx.Locale.Tr "auth.scratch_code"}}</label>
<input id="token" name="token" type="text" autocomplete="off" spellcheck="false" autofocus required>
</div>
<div class="inline field">
<button class="ui primary button">{{ctx.Locale.Tr "auth.verify"}}</button>
<a href="{{AppSubUrl}}/user/two_factor">{{ctx.Locale.Tr "auth.use_onetime_code"}}</a>
</div>
</div>
</form>
</div>
</div>
</div>
{{template "base/footer" .}}
Reference in a new issue View git blame Copy permalink