Well, we're actually already putting autocomplete="off" on that field! It's apparently in all of pieform's password elements.
But Firefox ignores that, as described here: https://developer.mozilla.org/en- US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion Probably the best fix for this would be to move the password reset form to another page entirely. But, since this is a low-priority bug and it's right before a major release, the quicker fix is to put in a hidden decoy password field before any of the others. Firefox will detect that and fill it in instead. Then we can just ignore the decoy. -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1499164 Title: Don't autofill password reset field on user settings page Status in Mahara: Confirmed Status in Mahara 15.04 series: Confirmed Status in Mahara 15.10 series: Confirmed Bug description: Every time I go to my account settings screen to change something, Firefox always pre-fills the "Current password" field with some obscured text, which is apparently not my current password. And so, if I don't go in and manually clear the field, then it gives me a form validation failure when I try to submit, because the two password fields don't match. We need to put a flag on these fields that tells the web browser not to pre-fill either of them. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1499164/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
