Clear text password
-
This isn't huge, but Sallie Mae has a login form with javascript that doesn't work in FireFox. I give them bonus points for overlaying the field labels on top of the actual form fields. When you click on the default text the label is hidden (doesn't work when you click on the field, just the text). Then there is the layout...use of text as an image...
Here is the URL for those who wish to see: https://repaymentoptimizer.salliemae.com/pow/login.aspx?dtd_cell=AB4PBR&hhkey=1001449531.
-
What a waste of that verisign cert.
-
So, they reinvented (and broke) the wheel...
...just so they could show those stupid little bullets instead of asterisks in the password field?
-
[quote user="merreborn"]
So, they reinvented (and broke) the wheel...
...just so they could show those stupid little bullets instead of asterisks in the password field?
[/quote]
What bullets? I get asterisks too, using IE!
-
[quote user="Volmarias"][quote user="merreborn"]
So, they reinvented (and broke) the wheel...
...just so they could show those stupid little bullets instead of asterisks in the password field?
[/quote]
What bullets? I get asterisks too, using IE!
[/quote]I just tried it in IE7 and got bullets. FF 1.5 and Opera 9 both show the typed password in plaintext.
-
Viewing source, the password <input> does have type="password" in it, but I guess the TextBox_OnKeyPress function is bypassing that logic. At first sight, it seems like it should be a bug in FF/Opera, but I haven't read the specs on how javascript should interact with input fields.
-
[quote user="skippy"]Viewing source, the password <input> does have type="password" in it, but I guess the TextBox_OnKeyPress function is bypassing that logic. At first sight, it seems like it should be a bug in FF/Opera, but I haven't read the specs on how javascript should interact with input fields.
[/quote]
Well, the handy dandy stacktrace in the error console for Opera 9 says:
JavaScript - https://repaymentoptimizer.salliemae.com/pow/login.aspx?dtd_cell=AB4PBR&hhkey=1001449531
Event thread: focus
Error:
name: TypeError
message: Statement on line 27: Could not convert undefined or null to object
Backtrace:
Line 27 of inline#3 script in https://repaymentoptimizer.salliemae.com/pow/login.aspx?dtd_cell=AB4PBR&hhkey=1001449531
if (passwordElement.value == "")
else
Line 1 of script
loginElementFocus("userID");
At unknown location
[statement source code not available]
Seriously, this is pretty weak.