When you use the input helper for a password field, the value attribute is not rendered. When you use the editor helper, the value attribute is rendered. This is how it works in MVC 5, I haven't tried in Core but a quick look at the code tells me it should work the same (see DefaultEditorTemplates.PasswordTemplate.
Is there a reason for this difference?
maxtoroq
All 6 comments
Hi @maxtoroq. This behavior is intentional.
The reason is that it can lead to sensitive data to be exposed in clear text on the client side, as in the rendered page that value will be in clear text (in the source of the page).
mkArtakMSFT
on 1 Mar 2018
@mkArtakMSFT You either didn't read or didn't understand. I know the behavior is by design. My question is, why isn't the editor helper behavior consistent?
maxtoroq
on 1 Mar 2018
I indeed misunderstood you, @maxtoroq. Reopening to understand how we should move forward here.
mkArtakMSFT
on 1 Mar 2018
@dougbu, seems like a bug. How hard will it be to fix this?
mkArtakMSFT
on 1 Mar 2018
If we confirm this happens in ASP.NET Core MVC as well, it's a one-line fix. Would need a few tests of course.
I also suggest we add a default display template for passwords.
dougbu
on 2 Mar 2018
f061d328d9
dougbu
on 5 Mar 2018
Related issues
CzechsMix
路
3Comments
kspearrin
路
4Comments
svallis
路
3Comments
miroslavsiska
路
4Comments
Mr-Smileys
路
3Comments