On Thu, Jan 27, 2011 at 1:58 AM, Dmitriy Sintsov <[email protected]> wrote: > Surely it should. In a very similar manner, I've had a trouble with > local MediaWiki installation (old 1.14, haven't checked with newer > ones), when I've created user accounts and sent these via the email, > people were unable to login, because when you select a text line using a > mouse, Thunderbird mail sometimes copies line feed character into > clipboard, so it was pasted into the password field then and the > password didn't match. Users were frustrated. I've explained them that > line feed is being placed into the clipboard which is visible when you > paste it into the text editor. I am unsure which browser they have been > used, maybe some browsers strip 13 / 10 from text inputs, maybe don't.
HTML5 specifies that they should, for passwords: "User agents must not allow users to insert U+000A LINE FEED (LF) or U+000D CARRIAGE RETURN (CR) characters into the value." http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#password-state The value sanitization algorithm also makes sure this holds for default values and script-inserted values. _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
