ADC / AppleID password field won't paste
| Originator: | matt | ||
| Number: | rdar://11705699 | Date Originated: | 6/19/12 |
| Status: | Open | Resolved: | |
| Product: | Product Version: | ||
| Classification: | Reproducible: |
Summary:
The ADC AppleID password field has disabled paste operations. The HTML for
https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/login
contains the following attributes on the paste input element:
onpaste="return false ;"
If this is meant as some kind of security measure, it's naive. Apps and Safari Extensions such as 1Password walk the DOM to insert this info all the time, and can't be stopped from doing so. It also seems extremely unlikely that a malicious individual would script the browser to perform a user-level paste operation, let alone be deterred by this sort of thing. All the above markup does is aggravate honest iOS users with strong passwords who store them in an external utility, then paste them into Safari when needed.
I log into many websites on a daily basis. ADC is only one that has this silly restriction. Please remove it. You're not protecting anybody.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Temporary workaround
Add the following as a bookmarklet and run it before pasting: javascript:var a=document.getElementsByTagName('input');for(var i=0;i<a.length;i++){a[i].onpaste=null}