In my web application I want to remove the username,password which are automatically stored by browser on click of remember me.
I know this is browser property but is there anyway to remove this on loading of my website and clearing all saved username,password of my website..
Thanks & Regards...
Best way I've found of doing it thusfar, is faking the browser into thinking there are multiple username/password fields on the form. The browser's save username/password generally look for the first password field and the field previous to it for the username, so I have added new fields to the page in a hidden div, outside of my form to resolve the problem
<div style="display:none;">
<input type="text" id="fake_username"/>
<input type="password" id="fake_password"/>
</div>
<form action="..." method="POST">
<input type="text" id="username"/>
<input type="password" id="password"/>
<input type="submit" value="Submit"/>
</form>
I also generally add the autocomplete="off" to my form and input elements, either directly or via a jquery script (below) on document.ready
$(document).ready(function() { $("input").attr("autocomplete", "off") });
I think this is not possible to remove saved passwords but you can prevent saving by
<form id="login" action="loginURL" method="post" autocomplete="off">
Modern browsers implement integrated password management: when the user enters a username and password for a site, the browser offers to remember it for the user. When the user visits the site again, the browser autofills the login fields with the stored values.
Additionally, the browser enables the user to choose a master password that the browser will use to encrypt stored login details.
Even without a master password, in-browser password management is generally seen as a net gain for security. Since users do not have to remember passwords that the browser stores for them, they are able to choose stronger passwords than they would otherwise.
For this reason, many modern browsers do not support autocomplete="off" for login fields:
If a site sets autocomplete="off" for a form, and the form includes username and password input fields, then the browser will still offer to remember this login, and if the user agrees, the browser will autofill those fields the next time the user visits the page.
If a site sets autocomplete="off" for username and password input fields, then the browser will still offer to remember this login, and if the user agrees, the browser will autofill those fields the next time the user visits the page.
This is the behavior in Firefox (since version 38), Google Chrome (since 34), and Internet Explorer (since version 11).
If an author would like to prevent the autofilling of password fields in user management pages where a user can specify a new password for someone other than themself, autocomplete="new-password" should be specified, though support for this has not been implemented in all browsers yet.
Try This,
<input type="hidden" id="hiddenUsername" name="username"/>
<input type="hidden" id="hiddenPassword" name="password"/>
<form id="theForm" action="/your/login" method="post" autocomplete="off">
<input type="text" id="username" name="username"/>
<input type="password" id="password" name="password"/>
<input type="submit" value="Login"/>
</form>
<script type="text/javascript" language="JavaScript">
$("#theForm").submit(function() {
$("#hiddenUsername").val($("#username").val());
$("#hiddenPassword").val($("#password").val());
});
</script>
Demo, Will work as you want(Note: just to check how it's working with hiddenfields)
Related
I have an MVC 4.0 site that uses AntiForgeryTokens to protect against CSRF attacks.
What I am finding is that I can reuse an old __RequestVerificationToken after new sessions have been opened.
I start with adding to the .cshtml
#Html.AntiForgeryToken()
I then decorate the Post Action method in the controller with
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult DoSomething(MyViewModel model)
{
}
I then do the following :-
Log in to admin site and scrape the __RequestVerificationToken value.
Log Out
Log Back In again (in theory there should now be a new token created)
Then submit the form below in a new tab in the same browser (see that I have used the token from the previous request).
<html>
<body>
<form action="http://adminsite.com/DoAction" method="POST">
<input type="hidden" name="id" value="26" />
<input name="__RequestVerificationToken" type="hidden" value="rt95zr0voZbgLga117YNBfwwLpTU8onGCDmZ4IQEisvhiNH_9ISTtsbDzIVgIkRUzwH81PpbrTRGK4MLSp3S3j-JMNjsJTL04TRl2J38rNz8KKomL98gLjEiJoXgMXFt0qaJ8tPaB4_PvGo8ATaxLcA2" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
What I find is that even though I have logged out and back in again, I am still able to use the old __RequestVerificationToken and I can successfully post the form.
After reading through the documentation (http://www.asp.net/mvc/overview/security/xsrfcsrf-prevention-in-aspnet-mvc-and-web-pages) there is no mention of invalidation of token.
My questions are :-
Shouldn't it now be invalid?
If not, why not?
Is there a way of making the __RequestVerificationToken invalid after logging out and back in again?
I have an asp.net mvc5 web application which has 5 pages. The information on the last three pages are passed from the first two. So it’s like my first two pages are dynamic and last three changes according to the first two.
My program is only doing the following thing
I fill information in first page, hit submit button via post request, fill information in second page and hit submit button from second page. The rest pages display the result only.
But the problem arises when I press back button from browser form second page, change some value in first page and press submit button, I lose all the data from the second page. I want the second page retain its state whatever it was before.
I really don’t know how hard it is. So can some please advise me how to resolve that problem?
Thanks in advance.Here is just Sample code to illustrate This is the second page
<form action="thirdpage.cshtml" method="post">
MARKET VALUE OF HOUSE 2nd page:
<input id="MVOH" type="number" step="any" name="MVH" /><br/><br/>
MORTGAGE OWING 2nd page:
<input id="MO" type="number" step="any" name="MOwing" /><br/><br/>
MORTGAGE REPAYMENT 2nd page
<input id="MPPM" type="number" name="MP" />
<select id="Sel">
<option value="0">Per week</option>
<option value="1">Per fortnight</option>
<option value="2">Per Month</option>
</select><br/><br/>
<div>
<input id="next" type="submit" value="Income Expenses »"/>
</div>
</form>
And the first page is
<form action="secondpage.cshtml" method="post">
MARKET VALUE OF HOUSE:
<input id="MVOH" type="number" step="any" name="MVH" /><br/><br/>
MORTGAGE OWING:
<input id="MO" type="number" step="any" name="MOwing" /><br/><br/>
<td>MORTGAGE REPAYMENT</td>
<td>
<input id="MPPM" type="number" name="MP" />
<select id="Sel">
<option value="0">Per week</option>
<option value="1">Per fortnight</option>
<option value="2">Per Month</option>
</select><br/><br/>
<div>
<input id="next" type="submit" value="Income Expenses »"/>
</div>
</form>
Please I have provided only a part of code because my page is so big.
The only way to do this is to transfer the changes real time to the server, in the keypress/ change events. You could use an ajax call for this.
After the user navigates to this second page for the second time, you can fill the values he enters earlier
Firstly If you are dealing with ASP.NET MVC, I would strongly recommend you to use HTML Helpers to create your view like HTML.TextBox() or HTML.Label() etc, and bind these elements with your model so that at every request the values will be updated as per the type of Request GET / POST.
Secondly Pressing browser's back/forward button shows you the last cached page, due to which the values may be obsolete, I suggest you to have your own next previous button and initiate get request for the same.
In case you are troubled by the browser's button, you can check the page referrer accordingly and have that check at every post request
I am working on rails 4 application. I need to give payment options for Donation button.
I need to create radiobutton as well as textbox to enter amount of payment for Donation.
My code is
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="xxxxxxxxxxx">
<input type="hidden" name="amount" value="">
<input type="hidden" name="currency_code" value="USD">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
Here I enter value of amount field by jQuery (code is not posted) so it is not empty ("").
But on the second step the amount I submit in hidden field is not shown.
I google it some people say one can not enter amount on hosted button means it would be fixed every time.
Some people say create the buy now button reference => https://www.paypal.com/webapps/mpp/get-started/donate-button-text-field
What should I do is it possible with hosted button?
Should I change my code ?
Whenever you use the PayPal hosted buttons you can't change the amount related information. Hosted buttons are secure in the terms that nobody can fiddle with the amount. Changes to the amount for hosted buttons can only be done thru account or via API's . If you are implementing a solution where you need to change the amount dynamically you should consider using the clear text button or You can dynamically generate the encrypted using the API's
However the variables related to :address ,cancel/return/image/ipn url ,item name/invoice id/custom/quantity can be overridden by passing the variables for hosted buttons.
I have the following form
<form id="file_upload" action="/Upload/Save" method="POST" enctype="multipart/form-data">
<input type="text" id="txtProposalName" name="name" placeholder="Nome da Camiseta" />
<input type="text" id="txtProposalDesc" name="description" placeholder="Descrição da Camiseta"/>
<div class="fileupload-buttonbar">
<div class="progressbar fileupload-progressbar"></div>
<span class="fileinput-button">
Upload images
<input type="file" name="files[]" multiple />
</span>
</div>
<input type="hidden" id="imgID" name="imgID"/>
<input type="submit" id="postProposal"/>
Would call this action:
[HttpPost]
public JsonResult Save(string name, string description, string imgID)
{
return Json("a");
}
(This is the current implementation, it has no logic because I am still testing some things).
My problem is: when I click on my submit button, the action is called with the correct values, but when it returns, my browser redirects to /Upload/Save (which is the action URL).
Why is this happening? Is there any way to prevent it?
Thanks!
You can use an asynchronous call to your method (e.g. AJAX) to prevent the page from reloading.
You can use Ajax.BeginForm to prevent reload page.
As I can see you use full page reload with:
action="/Upload/Save"
Also you trying to post data to json action method in controller. You need all form submit make with jquery, most problems you will find with ajax file uploaders.
Added:
Also look at serialize() it will help you to collect all form input values.
Dont need to prevent it, just redirect the user in your server code .
I have implemented an email sharing service in my web application. People can click on the email button and access a form with which they can send emails to whom they want.
I would like to set a default subject and body.
In the default body text of the email, I would like to pass the link of the page people want to share. Surely it is possible to do so but I do not manage to.
So far it has been a dead end to try to pass the link in the value argument of my text editor. I cannot think if any other way to do it.
Any suggestion greatly appreciated.
The same way you pass data to any other fields that you want to populate.
For example your controller returns a model emailShare that contains subject, body and url etc
In your gsp, lets say you have a textarea for the body of your email,
<g:textField name="emailSubject" value="${emailShare.subject}" />
<g:textArea name="emailBody" value="${emailShare.url}" rows="5" cols="40"/>
This will set the url as the default text in the textarea, which can also be further edited to add more text.
You can get the location of the current page using JavaScript with document.URL Then you can just set a hidden field on your form and submit it with your email request. For example:
<html>
<head>
<script type="text/javascript">
function setLocation(urlField) {
urlField.value = document.URL
}
</script>
</head>
<body>
<form id="exampleForm" name="exampleForm" action="#">
<input type="text" id="url" name="url"/>
<input name="submit" value="submit" type="button" onclick="setLocation(this.form.url);" />
</form>
</body>
</html>