From c244da072241b4c7f5135ffba9402017c31e4b8b Mon Sep 17 00:00:00 2001 From: Ewan Harris Date: Fri, 23 Sep 2022 18:33:24 +0100 Subject: [PATCH] Disable spellcheck and autocorrect on all sensitive input fields These were already disabled for the username field spellcheck has recently been discovered to potentially disclose information to browser vendors that provide this feature. So disabling it helps to prevent this. autocorrect is a safari only feature that will autocorrect what it believes to be misspelled words, so this is disabled for user experience --- src/__tests__/ui/input/__snapshots__/email_input.test.jsx.snap | 2 +- src/ui/input/captcha_input.jsx | 2 ++ src/ui/input/email_input.jsx | 2 ++ src/ui/input/mfa_code_input.jsx | 2 ++ src/ui/input/password_input.jsx | 2 ++ src/ui/input/username_input.jsx | 2 +- 6 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/__tests__/ui/input/__snapshots__/email_input.test.jsx.snap b/src/__tests__/ui/input/__snapshots__/email_input.test.jsx.snap index 9839a09d8..98b0f7302 100644 --- a/src/__tests__/ui/input/__snapshots__/email_input.test.jsx.snap +++ b/src/__tests__/ui/input/__snapshots__/email_input.test.jsx.snap @@ -1,3 +1,3 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`EmailInput renders without issue 1`] = `"
"`; +exports[`EmailInput renders without issue 1`] = `"
"`; diff --git a/src/ui/input/captcha_input.jsx b/src/ui/input/captcha_input.jsx index 77d05576b..5bdf87e48 100644 --- a/src/ui/input/captcha_input.jsx +++ b/src/ui/input/captcha_input.jsx @@ -114,6 +114,8 @@ export default class CaptchaInput extends React.Component { placeholder={placeholder} autoComplete="off" autoCapitalize="off" + autoCorrect="off" + spellCheck="false" onChange={::this.handleOnChange} onFocus={::this.handleFocus} onBlur={::this.handleBlur} diff --git a/src/ui/input/email_input.jsx b/src/ui/input/email_input.jsx index 299bb191b..d560956bd 100644 --- a/src/ui/input/email_input.jsx +++ b/src/ui/input/email_input.jsx @@ -67,6 +67,8 @@ export default class EmailInput extends React.Component { placeholder="yours@example.com" autoComplete={autoComplete ? 'on' : 'off'} autoCapitalize="off" + autoCorrect="off" + spellCheck="false" onChange={::this.handleOnChange} onFocus={::this.handleFocus} onBlur={::this.handleBlur} diff --git a/src/ui/input/mfa_code_input.jsx b/src/ui/input/mfa_code_input.jsx index fa596dab0..7f94f7295 100644 --- a/src/ui/input/mfa_code_input.jsx +++ b/src/ui/input/mfa_code_input.jsx @@ -46,6 +46,8 @@ export default class MFACodeInput extends React.Component { className="auth0-lock-input" autoComplete="off" autoCapitalize="off" + autoCorrect="off" + spellCheck="false" onChange={::this.handleOnChange} onFocus={::this.handleFocus} onBlur={::this.handleBlur} diff --git a/src/ui/input/password_input.jsx b/src/ui/input/password_input.jsx index 33571afd0..9f7e359e7 100644 --- a/src/ui/input/password_input.jsx +++ b/src/ui/input/password_input.jsx @@ -91,6 +91,8 @@ export default class PasswordInput extends React.Component { className="auth0-lock-input" autoComplete={allowPasswordAutocomplete ? 'on' : 'off'} autoCapitalize="off" + autoCorrect="off" + spellCheck="false" onChange={::this.handleOnChange} onFocus={::this.handleFocus} onBlur={::this.handleBlur} diff --git a/src/ui/input/username_input.jsx b/src/ui/input/username_input.jsx index 429ca75de..034991fc5 100644 --- a/src/ui/input/username_input.jsx +++ b/src/ui/input/username_input.jsx @@ -60,7 +60,7 @@ export default class UsernameInput extends React.Component { placeholder="username" autoComplete={autoComplete ? 'on' : 'off'} autoCapitalize="off" - spellCheck="off" + spellCheck="false" autoCorrect="off" onChange={::this.handleOnChange} onFocus={::this.handleFocus}