[security] Disable browser 'Save Password' functionality

The simplest way to solve this problem is to place INPUT fields outside the FORM tag and add two hidden fields inside the FORM tag. Then in a submit event listener before the form data gets submitted to server copy values from visible input to the invisible ones.

Here's an example (you can't run it here, since the form action is not set to a real login script):

_x000D_
_x000D_
<!doctype html>_x000D_
<html>_x000D_
<head>_x000D_
  <title>Login & Save password test</title>_x000D_
  <meta charset="utf-8">_x000D_
  <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>_x000D_
</head>_x000D_
_x000D_
  <body>_x000D_
      <!-- the following fields will show on page, but are not part of the form -->_x000D_
      <input class="username" type="text" placeholder="Username" />_x000D_
      <input class="password" type="password" placeholder="Password" />_x000D_
_x000D_
      <form id="loginForm" action="login.aspx" method="post">_x000D_
        <!-- thw following two fields are part of the form, but are not visible -->_x000D_
        <input name="username" id="username" type="hidden" />_x000D_
        <input name="password" id="password" type="hidden" />_x000D_
        <!-- standard submit button -->_x000D_
        <button type="submit">Login</button>_x000D_
      </form>_x000D_
_x000D_
    <script>_x000D_
      // attache a event listener which will get called just before the form data is sent to server_x000D_
      $('form').submit(function(ev) {_x000D_
        console.log('xxx');_x000D_
        // read the value from the visible INPUT and save it to invisible one_x000D_
        // ... so that it gets sent to the server_x000D_
        $('#username').val($('.username').val());_x000D_
        $('#password').val($('.password').val());_x000D_
      });_x000D_
    </script>_x000D_
_x000D_
  </body>_x000D_
</html>
_x000D_
_x000D_
_x000D_

Examples related to security

Monitoring the Full Disclosure mailinglist Two Page Login with Spring Security 3.2.x How to prevent a browser from storing passwords JWT authentication for ASP.NET Web API How to use a client certificate to authenticate and authorize in a Web API Disable-web-security in Chrome 48+ When you use 'badidea' or 'thisisunsafe' to bypass a Chrome certificate/HSTS error, does it only apply for the current site? How does Content Security Policy (CSP) work? How to prevent Screen Capture in Android Default SecurityProtocol in .NET 4.5

Examples related to browser

How to force reloading a page when using browser back button? How do we download a blob url video How to prevent a browser from storing passwords How to Identify Microsoft Edge browser via CSS? Edit and replay XHR chrome/firefox etc? Communication between tabs or windows How do I render a Word document (.doc, .docx) in the browser using JavaScript? "Proxy server connection failed" in google chrome Chrome - ERR_CACHE_MISS How to check View Source in Mobile Browsers (Both Android && Feature Phone)

Examples related to autocomplete

twitter bootstrap 3.0 typeahead ajax example How do I stop Notepad++ from showing autocomplete for all words in the file how to get value of selected item in autocomplete .autocomplete is not a function Error Angularjs autocomplete from $http autocomplete ='off' is not working when the input type is password and make the input field above it to enable autocomplete Disabling Chrome Autofill How to add Google Maps Autocomplete search box? Google Maps API - how to get latitude and longitude from Autocomplete without showing the map? twitter bootstrap autocomplete dropdown / combobox with Knockoutjs

Examples related to passwords

Your password does not satisfy the current policy requirements Laravel Password & Password_Confirmation Validation Default password of mysql in ubuntu server 16.04 mcrypt is deprecated, what is the alternative? What is the default root pasword for MySQL 5.7 MySQL user DB does not have password columns - Installing MySQL on OSX Changing an AIX password via script? Hide password with "•••••••" in a textField How to create a laravel hashed password Enter export password to generate a P12 certificate