Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Clear password boxes on settings change submission 

(imported from commit 523df7ee039db7be30e66608c491cc441f14fd70)
This commit is contained in:
Keegan McAllister 2012-10-30 16:08:58 -04:00
parent 30aab26ccd
commit eac48d9b04
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
zephyr/static/js/ui.js
View File

@ -378,6 +378,13 @@ $(function () {
settings_status.removeClass(status_classes)
.addClass('alert-error')
.text(response).stop(true).fadeTo(0,1);
},
complete: function (xhr, statusText) {
// Whether successful or not, clear the password boxes so that
// passwords don't linger in the DOM for an XSS attacker to find.
//
// TODO: Clear these earlier, while the request is still pending.
$('#old_password, #new_password, #confirm_password').val('');
}
});