[Nitro] [PATCH] Controls patch + bugfix

Bryan Soto bryan.a.soto at gmail.com
Mon Jan 9 18:01:10 EST 2006


On 1/9/06, Jonas Pfenniger <zimba.tm at gmail.com> wrote:
>
> Btw, I'm not very satified with my PasswordControl implementation
> because it puts the password in clear in the html. I could do something
> better if I knew a generic way to tell that the field didn't change.
>
>
>
Well, it's the opposite of generic, but perhaps a hidden field and some
javascript would suffice?

Untested change follows:

    %{
      <input type="hidden" id="#{prop.symbol}_changed"
name="#{prop.symbol}_changed"
value="false" />
      <input type="password" id="#{prop.symbol}_ctl" name="#{prop.symbol}"
value="#{"*" * value.length}"#{emit_style} onchange="el =
document.getElementById('#{prop.symbol}_changed'; el.value = "true"; return
false;"/>
    }

Although that could lead to someone's password being changed to a string of
asterisks.

Or as a different implementation, gmail has you type in the old password,
then the new and makes the change on the server.

Any other thoughts?

Bryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://rubyforge.org/pipermail/nitro-general/attachments/20060109/32ff473b/attachment.html 


More information about the Nitro-general mailing list