aboutsummaryrefslogtreecommitdiffstats
path: root/templates/repo/migrate/github.tmpl
diff options
context:
space:
mode:
authorDan Church <h3xx@users.noreply.github.com>2023-04-23 09:28:27 -0500
committerGitHub <noreply@github.com>2023-04-23 10:28:27 -0400
commit67da4c1b259e9d000535f35974cf12051c1c42b5 (patch)
treefa253d23def011b6763a78b0c366d1d4c8cccfe3 /templates/repo/migrate/github.tmpl
parentb3e849d1d65799ed08565f56b6356f346e23013f (diff)
downloadgitea-67da4c1b259e9d000535f35974cf12051c1c42b5.tar.gz
gitea-67da4c1b259e9d000535f35974cf12051c1c42b5.zip
Set type="password" on all auth_token fields (#22175)
Set `type="password"` on all `auth_token` fields Seen when migrating from other hosting platforms. 1. Prevents exposing the token to screen capture/cameras/eyeballs. 2. Prevents the browser from saving the value in its autocomplete dictionary, which often is not secure. ![exposed auth token](https://user-images.githubusercontent.com/615684/208541005-e2c9c6b0-3c6c-4a56-95d9-357b987aa0c8.png) Closes #22174 --------- Signed-off-by: Dan Church <amphetamachine@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
Diffstat (limited to 'templates/repo/migrate/github.tmpl')
-rw-r--r--templates/repo/migrate/github.tmpl2
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/repo/migrate/github.tmpl b/templates/repo/migrate/github.tmpl
index 63b5e83a2c..c591f2a465 100644
--- a/templates/repo/migrate/github.tmpl
+++ b/templates/repo/migrate/github.tmpl
@@ -20,7 +20,7 @@
<div class="inline field {{if .Err_Auth}}error{{end}}">
<label for="auth_token">{{.locale.Tr "access_token"}}</label>
- <input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
+ <input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
<a target="_blank" href="https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token">{{svg "octicon-question"}}</a>
<span class="help">
{{.locale.Tr "repo.migrate.github_token_desc"}}