"Spell-Jacking" mitigation ~ prevent sensitive data leak from spell checker. (#2091)

@see https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords Co-authored-by: Daniel Hammer <daniel.hammer+oss@gmail.com>
2023-02-06 22:29:28 +01:00 · 2023-02-06 22:29:28 +01:00 · fc8462dc8a
parent 9d459fbd0a
commit fc8462dc8a
3 changed files with 27 additions and 7 deletions
--- a/ui/src/layout/Login.js
+++ b/ui/src/layout/Login.js
@ -138,6 +138,7 @@ const FormLogin = ({ loading, handleSubmit, validate }) => {
                    component={renderInput}
                    label={translate('ra.auth.username')}
                    disabled={loading}
+                    spellCheck={false}
                  />
                </div>
                <div className={classes.input}>
@ -201,6 +202,7 @@ const FormSignUp = ({ loading, handleSubmit, validate }) => {
                    component={renderInput}
                    label={translate('ra.auth.username')}
                    disabled={loading}
+                    spellCheck={false}
                  />
                </div>
                <div className={classes.input}>
--- a/ui/src/user/UserCreate.js
+++ b/ui/src/user/UserCreate.js
@ -51,10 +51,18 @@ const UserCreate = (props) => {
  return (
    <Create title={<Title subTitle={title} />} {...props}>
      <SimpleForm save={save} variant={'outlined'}>
-        <TextInput source="userName" validate={[required()]} />
+        <TextInput
+          spellCheck={false}
+          source="userName"
+          validate={[required()]}
+        />
        <TextInput source="name" validate={[required()]} />
-        <TextInput source="email" validate={[email()]} />
-        <PasswordInput source="password" validate={[required()]} />
+        <TextInput spellCheck={false} source="email" validate={[email()]} />
+        <PasswordInput
+          spellCheck={false}
+          source="password"
+          validate={[required()]}
+        />
        <BooleanInput source="isAdmin" defaultValue={false} />
      </SimpleForm>
    </Create>
--- a/ui/src/user/UserEdit.js
+++ b/ui/src/user/UserEdit.js
@ -108,22 +108,32 @@ const UserEdit = (props) => {
        save={save}
      >
        {permissions === 'admin' && (
-          <TextInput source="userName" validate={[required()]} />
+          <TextInput
+            spellCheck={false}
+            source="userName"
+            validate={[required()]}
+          />
        )}
        <TextInput
          source="name"
          validate={[required()]}
          {...getNameHelperText()}
        />
-        <TextInput source="email" validate={[email()]} />
+        <TextInput spellCheck={false} source="email" validate={[email()]} />
        <BooleanInput source="changePassword" />
        <FormDataConsumer>
          {(formDataProps) => (
-            <CurrentPasswordInput isMyself={isMyself} {...formDataProps} />
+            <CurrentPasswordInput
+              spellCheck={false}
+              isMyself={isMyself}
+              {...formDataProps}
+            />
          )}
        </FormDataConsumer>
        <FormDataConsumer>
-          {(formDataProps) => <NewPasswordInput {...formDataProps} />}
+          {(formDataProps) => (
+            <NewPasswordInput spellCheck={false} {...formDataProps} />
+          )}
        </FormDataConsumer>

        {permissions === 'admin' && (