mirrors/navidrome
1
0
Fork 0
mirror of https://github.com/navidrome/navidrome.git synced 2025-04-04 21:17:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

"Spell-Jacking" mitigation ~ prevent sensitive data leak from spell checker. (#2091)

Browse source 
@see https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords

Co-authored-by: Daniel Hammer <daniel.hammer+oss@gmail.com>
This commit is contained in:
Daniel Hammer 2023-02-06 22:29:28 +01:00 committed by GitHub
parent 9d459fbd0a
commit fc8462dc8a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 27 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
ui/src/layout/Login.js
View file

@ -138,6 +138,7 @@ const FormLogin = ({ loading, handleSubmit, validate }) => {
component={renderInput} component={renderInput}
label={translate('ra.auth.username')} label={translate('ra.auth.username')}
disabled={loading} disabled={loading}
spellCheck={false}
/> />
</div> </div>
<div className={classes.input}> <div className={classes.input}>
@ -201,6 +202,7 @@ const FormSignUp = ({ loading, handleSubmit, validate }) => {
component={renderInput} component={renderInput}
label={translate('ra.auth.username')} label={translate('ra.auth.username')}
disabled={loading} disabled={loading}
spellCheck={false}
/> />
</div> </div>
<div className={classes.input}> <div className={classes.input}>

14
ui/src/user/UserCreate.js
View file

@ -51,10 +51,18 @@ const UserCreate = (props) => {
return ( return (
<Create title={<Title subTitle={title} />} {...props}> <Create title={<Title subTitle={title} />} {...props}>
<SimpleForm save={save} variant={'outlined'}> <SimpleForm save={save} variant={'outlined'}>
<TextInput source="userName" validate={[required()]} /> <TextInput
spellCheck={false}
source="userName"
validate={[required()]}
/>
<TextInput source="name" validate={[required()]} /> <TextInput source="name" validate={[required()]} />
<TextInput source="email" validate={[email()]} /> <TextInput spellCheck={false} source="email" validate={[email()]} />
<PasswordInput source="password" validate={[required()]} /> <PasswordInput
spellCheck={false}
source="password"
validate={[required()]}
/>
<BooleanInput source="isAdmin" defaultValue={false} /> <BooleanInput source="isAdmin" defaultValue={false} />
</SimpleForm> </SimpleForm>
</Create> </Create>

18
ui/src/user/UserEdit.js
View file

@ -108,22 +108,32 @@ const UserEdit = (props) => {
save={save} save={save}
> >
{permissions === 'admin' && ( {permissions === 'admin' && (
<TextInput source="userName" validate={[required()]} /> <TextInput
spellCheck={false}
source="userName"
validate={[required()]}
/>
)} )}
<TextInput <TextInput
source="name" source="name"
validate={[required()]} validate={[required()]}
{...getNameHelperText()} {...getNameHelperText()}
/> />
<TextInput source="email" validate={[email()]} /> <TextInput spellCheck={false} source="email" validate={[email()]} />
<BooleanInput source="changePassword" /> <BooleanInput source="changePassword" />
<FormDataConsumer> <FormDataConsumer>
{(formDataProps) => ( {(formDataProps) => (
<CurrentPasswordInput isMyself={isMyself} {...formDataProps} /> <CurrentPasswordInput
spellCheck={false}
isMyself={isMyself}
{...formDataProps}
/>
)} )}
</FormDataConsumer> </FormDataConsumer>
<FormDataConsumer> <FormDataConsumer>
{(formDataProps) => <NewPasswordInput {...formDataProps} />} {(formDataProps) => (
<NewPasswordInput spellCheck={false} {...formDataProps} />
)}
</FormDataConsumer> </FormDataConsumer>
{permissions === 'admin' && ( {permissions === 'admin' && (