Input fields that can accept sensitive data should have `spellcheck='false'`
I’m not sure if this should belong in the Dashboards or OUI repo; please move this issue if it is more appropriate somewhere else.
Spell checking systems can send sensitive user data to 3rd parties; the best way to be sure this does not happen is to add `spellcheck=false` onto HTML elements that should be protected, such as user password fields.
If there are any ‘masked’ fields in OpenSearch, they should have this setting applied to them, and plugins should be able to turn this on if they are creating custom EuiFieldText-based input fields.
More information about this data disclosure [1], and link to conversation where it was unclear how this could be added in Dashboards [2] in a feature that is targeting the v2.4.0 release.
[1] https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
[2] https://github.com/opensearch-project/security-dashboards-plugin/pull/1110/files#r986322939
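
One way to audit a rendered form for the gap this issue describes, as an added example that is not part of the original issue or of any OpenSearch code. The name heuristic, the function names and the sample fields are assumptions made for illustration; the stubs only mimic the DOM methods the audit calls, so the same functions can be pointed at `document` in a browser.

```javascript
// Heuristic (an assumption of this example): attribute values that suggest a secret.
const SENSITIVE_HINT = /passw(or)?d|passphrase|secret|token|api[-_]?key|credential/i;

// A field is treated as sensitive if it is type=password or its naming suggests a
// secret. The second rule also catches "show password" variants rendered as type=text.
function isSensitive(el) {
  const type = (el.getAttribute('type') || 'text').toLowerCase();
  if (type === 'password') return true;
  const hints = ['name', 'id', 'autocomplete', 'aria-label', 'placeholder']
    .map((attr) => el.getAttribute(attr) || '')
    .join(' ');
  return SENSITIVE_HINT.test(hints);
}

// Only the literal value "false" turns spell checking off on the element itself.
// Simplification: a spellcheck="false" inherited from an ancestor is not considered,
// so such fields are reported and need a manual look.
function spellcheckDisabled(el) {
  return (el.getAttribute('spellcheck') || '').toLowerCase() === 'false';
}

// Returns a label for every sensitive field that does not opt out of spell checking.
function findUnprotectedFields(root) {
  return Array.from(root.querySelectorAll('input, textarea'))
    .filter((el) => isSensitive(el) && !spellcheckDisabled(el))
    .map((el) => el.getAttribute('id') || el.getAttribute('name') || '(unnamed)');
}

// Constructed sample standing in for a rendered login/settings form.
function stub(attrs) {
  return { getAttribute: (name) => (name in attrs ? attrs[name] : null) };
}
const sampleForm = {
  querySelectorAll: () => [
    stub({ id: 'username', type: 'text' }),
    stub({ id: 'password', type: 'password' }),
    stub({ id: 'password-visible', type: 'text', spellcheck: 'true' }),
    stub({ id: 'api-token', type: 'text', spellcheck: 'false' }),
    stub({ name: 'client_secret', type: 'text' }),
  ],
};

console.log(findUnprotectedFields(sampleForm));
```
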
Top GitHub Comments
Thanks for closing Miki.
@seanneumann Is this issue still open to track the long-term solution? If so, we should remove the v2.4.0 label, as that no longer makes sense. Otherwise we should close.