Disable autocomplete on sensitive fields

Disable autocomplete for registration/login/password change/password reset forms, and security question / captcha fields on Edit Profile form. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2025-07-19 20:59:01 +02:00 · 2019-03-04 11:12:42 +13:00 · 2019-03-04 11:12:42 +13:00 · 348bd2661c
commit 348bd2661c
parent 0196eda3f1
6 changed files with 9 additions and 5 deletions
--- a/layerindex/forms.py
+++ b/layerindex/forms.py
@ -202,6 +202,10 @@ class EditProfileForm(StyledModelForm):

    def __init__(self, *args, **kwargs):
        super(EditProfileForm, self ).__init__(*args, **kwargs)
+        for field in ['captcha', 'security_question_1', 'security_question_2', 'security_question_3', 'answer_1', 'answer_2', 'answer_3']:
+            self.fields[field].widget.attrs.update({
+                'autocomplete': 'off'
+            })
        user = kwargs.get("instance")
        try:
            self.fields['security_question_1'].initial=user.userprofile.securityquestionanswer_set.all()[0].security_question
--- a/templates/django_registration/registration_form.html
+++ b/templates/django_registration/registration_form.html
@ -2,7 +2,7 @@
 {% load i18n %}

 {% block content %}
-<form id="registration_form" method="post" action=".">
+<form id="registration_form" method="post" action="." autocomplete="off">
    {% for hidden in form.hidden_fields %}
        {{ hidden }}
    {% endfor %}
--- a/templates/registration/login.html
+++ b/templates/registration/login.html
@ -5,7 +5,7 @@
 {% endblock %}

 {% block content %}
-<form id="login_form" method="post" action=".">
+<form id="login_form" method="post" action="." autocomplete="off">
  {{ form.as_p }}

  <input type="submit" class="btn btn-default" value="{% trans 'Log in' %}" />
--- a/templates/registration/password_change_form.html
+++ b/templates/registration/password_change_form.html
@ -2,7 +2,7 @@
 {% load i18n %}

 {% block content %}
-<form method="post" action=".">
+<form method="post" action="." autocomplete="off">
    {% for hidden in form.hidden_fields %}
        {{ hidden }}
    {% endfor %}
--- a/templates/registration/password_reset_confirm.html
+++ b/templates/registration/password_reset_confirm.html
@ -5,7 +5,7 @@

 {% if validlink %}

-<form id="password_form" method="post" action=".">
+<form id="password_form" method="post" action="." autocomplete="off">
    {% for hidden in form.hidden_fields %}
        {{ hidden }}
    {% endfor %}
--- a/templates/registration/password_reset_form.html
+++ b/templates/registration/password_reset_form.html
@ -2,7 +2,7 @@
 {% load i18n %}

 {% block content %}
-<form id="password_form" method="post" action=".">
+<form id="password_form" method="post" action="." autocomplete="off">
    {% for hidden in form.hidden_fields %}
        {{ hidden }}
    {% endfor %}