Input with type password is cleared

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Input with type password is cleared

NameFILIP
Hi,

I am using Thymeleaf with Spring. The problem that I've encountered is in org.thymeleaf.spring3.processor.attr.SpringInputPasswordFieldAttrProcessor.

I have an entity Customer is a field "password". I display it as input of type "password". But when I want to modify an existing entity, I load it from database, all the values are loaded to corresponding inputs, except password, it is set to empty string. I was expecting it to be loaded and displayed with ***.

Are there any good reason to set attribute "value" to empty string?


Reply | Threaded
Open this post in threaded view
|

Re: Input with type password is cleared

Zemi
Administrator
It is not a good practice to send a password back to the client (althought it is shown as ****, it would be plain inside the HTML).
In fact, you shouldn't store an unencrypted password at all.

Anyway, you can always show it using
   th:value="${mybean.password}"

Reply | Threaded
Open this post in threaded view
|

Re: Input with type password is cleared

NameFILIP
In my case, usability is more important than security :)

th:value="${customer.password}" doesn't work... I think th:field is applied after th:value
Reply | Threaded
Open this post in threaded view
|

Re: Input with type password is cleared

Zemi
Administrator
 > th:value="${customer.password}" doesn't work... I think th:field is applied after th:value

Remove the th:field attribute and add name and th:value attributes.
Reply | Threaded
Open this post in threaded view
|

Re: Input with type password is cleared

NameFILIP
Yep, with name it works, thanks a lot! :)