A user’s credentials are valuable, and are often the key target of phishing and content injection attacks. If a content injection attack can trick a user’s credential manager into autofilling her credentials, then the user’s credentials will be available to the attacker directly via DOM APIs or indirectly via form submission to a malicious endpoint. The latter risk can be mitigated via the Content Security Policy
form-action directive, but the former is a real problem. If passwords are a simple
value accessor away, users are at risk.
writeonly attribute to
<input writeonly type="password">
This would throw an
value* accessors, bar the element from constraint validation, block
keypress events, and probably other things I haven’t considered yet.
This state could also be controlled via a Content Security Policy directive which would set
writeonly state for some arbitrary set of
input elements, perhaps based on
autocomplete attribute values. Perhaps:
Content-Security-Policy: form-writeonly cc-number cc-csc ... current-password new-password
I’ve strawmanned this out in a bit of detail at https://mikewest.github.io/credentialmanagement/writeonly/, and there was a short-lived public-webapps thread at http://lists.w3.org/Archives/Public/public-webapps/2014JulSep/0165.html