How to prevent pre-filled username/password fields?

How to prevent pre-filled username/password fields?

  

Hi all,

In an application we're working on we have a webscreen where an administrator can create an user (not a system.user) to allow the user to call a REST service. In this screen an username and password field is added.

When creating a new user the fields are prefilled with the values of the Outsystems account that is logged in:

I've tried changing the name of the fields in the database as well as the name of the item on the screen. This didn't prevent it.

Also adding the extended property "autocomplete=off" to the field or form doesn't prevent it from happening.

This effect is the same for Chrome, Edge and Internet Explorer.

After I removed the password from the browser it stopped. After logging in again, it was back. But this wouldn't be a satisfying solution or workaround.

Anybody know how to prevent this?

Thanks,

Menno

problem is not coming from you, but the browsers...

 to possibly "fool" the browsers by setting autocomplete="cutthesillyness" or some random text.

more info:

https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion

Hi Menno, It's really boring. It's looks like Google Chrome ignores the attribute "autocomplete=off".

What you can do is a fake input, you can create a input fake for each input. Your HTML will be like it:

<input type="email" name="email" id="email_fake" class="hidden" autocomplete="off" style="display: none;" />
  <input type="email" name="email" id="email" autocomplete="off" />
  <input type="password" name="password" id="password_fake" class="hidden" autocomplete="off" style="display: none;" />
  <input type="password" name="password" id="password" autocomplete="off" />

See it: https://pt.stackoverflow.com/questions/61510/como-remover-auto-complete-de-input-do-google-chrome


Best Regards

Paulo Ricardo

Hi,

Thanks for the hints and tips.

The random string option didn't do the trick, but following the mozila website I used:

autocomplete="new-password"

on both fields it worked.

Thanks again.

Menno

Menno Hoogsteen wrote:

Hi,

Thanks for the hints and tips.

The random string option didn't do the trick, but following the mozila website I used:

autocomplete="new-password"

on both fields it worked.

Thanks again.

Menno

I tried this solution and I also added an extended property autocomplete off in EditRecord widget. This only work in Google Chrome only but not in IE or Firefox.


Any suggestion


You cannot FORCE a browser to do anything. That's against the Rules Of The Web. You can't force a browser to print, can't force it to let you see a local file, and if the browser decides to autocomplete a field when you requested that it not do so, there is nothing you can do about it. At best maybe you can read the field on Ready or Initialize or whatever and see if it has a value, and wipe it out if it does.

J.Ja

Solution

Have you tried changing your Login button to Ajax Submit? That way, your credentials will be sent to the server via Ajax, and the browser won't prompt you to store them (because, from the browser's perspective, the form wasn't actually submitted).

Solution

leonardo.fernandes wrote:

Have you tried changing your Login button to Ajax Submit? That way, your credentials will be sent to the server via Ajax, and the browser won't prompt you to store them (because, from the browser's perspective, the form wasn't actually submitted).

This worked when I set the method to Ajax Submit and the validation to Client & Server. 


Thanks