Password value is visible in code inspector

sonarqube

(Pavol) #1

While logging to SonarQube web password is visible in code inspector as you can see on the picture below.

fix: remove line 106 and 122 from sonarqube/server/sonar-web/src/main/js/apps/sessions/components/LoginForm.tsx
‘’’
110


111
112 {translate(‘password’)}
113
114 <input
115 className=“login-input”
116 id=“password”
117 name=“password”
118 onChange={this.handlePwdChange}
119 placeholder={translate(‘password’)}
120 required={true}
121 type=“password”
122 value={this.state.password}
123 />
124

‘’’

(G Ann Campbell) #3

Hi,

Thanks for the report. We’re looking into this internally.

 
Ann