Cross-browser alternative to -webkit-text-security
. Check out demo at noppa.github.io/text-security.html.
text-security is a simple set of fonts that only consist of 3 different characters.
Disc (the shape normally used in password fields), circle and square. For example, setting
font-family: "text-security-disc"
for
an element should then display all the element's characters in a concealed
way, like it was a password field. This is useful if you want to get the benefits of input[type="password"]
but also combine that with other element types, like input[type="tel"]
. In
fact, the project was created for this exact purpose as an answer to a
StackOverflow
question.
The project builds on top of Adobe's similar font projects Adobe Notdef and Adobe Blank 2.
If you are considering this library to replace a password field with a text field—perhaps to avoid browsers' autofill behavior—please think twice before doing so. Browsers might offer enhanced security features for password fields, like limiting which scripts are allowed to read their values. Opting to use a text field instead will leave your app out of these protections. There are also accessibility issues with this solution, see issue 11. This font simply masks text like a password field would and does not further protect the input. There are legitimate use cases where that's ok (think OTP fields, SSN inputs, etc.), and then there are use cases where it's just not worth it.
Tested in recent versions of Chrome (for desktop and mobile), Edge,
Firefox, Safari for iOS and IE 11. Opera Mini is not supported, as it
does not support @font-face
web fonts.
Chrome and Firefox, which support WOFF2 and cmap subtable format 13, will use the optimized WOFF2 font, which is only 0.8 kb in size. Older browsers like IE will automatically load the compatibility fonts whose names are suffixed "-compat" and weigh about 200 kb.
npm install text-security
You can use the fonts by adding this project as a dependency and including
text-security.css
in your project.
<link href="https://github.com/noppa/text-security/blob/master/node_modules/text-security/text-security.css" rel="stylesheet" type="text/css">
Alternatively, you can grab the fonts you need (most likely text-security-disc and text-security-disc-compat)
from the releases page and include your own @font-face
definition in CSS.
src/style-template.css should give a pretty good idea how to do that, just
change the font name and source path to match your setup.
After the font is loaded, making a field behave like password field is easy.
.my-password-field {
font-family: text-security-disc;
/* Use -webkit-text-security if the browser supports it */
-webkit-text-security: disc;
}
This repository contains the build scripts needed for creating these fonts. If you want to add your own shapes or do other modifications, see Development.md.
The published font is licensed with SIL Open Font License. This is the only license you need to care about if you are simply using the prebuilt fonts.
All the code in this repository that is used for generating these fonts (Dockerfile, Python & shell scripts etc.) are licensed MIT.
This project builds on top of Adobe's font projects Adobe Notdef and Adobe Blank 2, which are included as submodules. They are also licensed with SIL.
Also included as submodules are ttf2eot and t1utils. t1utils has a slightly modified MIT license here. ttf2eot is extracted from Chromium project.