rapid7 / warvox

http://www.warvox.org/

Flagging autocomplete=false ? #29

Closed FrankHassanabad closed 9 years ago

FrankHassanabad commented 9 years ago

Hello,

Are you guys flagging autocomplete="false" as something that is problematic when not present on password fields? https://github.com/rapid7/warvox/blob/master/app/views/providers/edit.html.erb#L9

All browsers moving forward are disregarding that suggestion: https://bugzilla.mozilla.org/show_bug.cgi?id=956906

I see you reference it here: http://www.rapid7.com/db/vulnerabilities/spider-sensitive-form-data-autocomplete-enabled


But just a heads up, if you flag that in any of your scanners, it causes developers to end up adding autocomplete="false" to their HTML markup when it's not needed.

hdm commented 9 years ago

A better question for the Nexpose team (not really WarVOX related). Autocomplete was the recommended value in the past, but it seems things are changing. Thanks