From 0e4a19d182139c7ee0506ef5ec4296ae04892e59 Mon Sep 17 00:00:00 2001
From: Ryan Wang <i@ryanc.cc>
Date: Wed, 9 Oct 2024 17:02:58 +0800
Subject: [PATCH] refactor: prevent password field from displaying encrypted
 text (#6801)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

#### What type of PR is this?

/area core
/kind improvement
/milestone 2.20.x

#### What this PR does / why we need it:

在提交登录表单时，不在密码框中显示加密文本。

#### Which issue(s) this PR fixes:

Fixes #6799

#### Does this PR introduce a user-facing change?

```release-note
None
```
---
 application/src/main/resources/templates/login_local.html | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/application/src/main/resources/templates/login_local.html b/application/src/main/resources/templates/login_local.html
index a6021c6f1..3c6bd0eee 100644
--- a/application/src/main/resources/templates/login_local.html
+++ b/application/src/main/resources/templates/login_local.html
@@ -13,13 +13,15 @@
         document.addEventListener("DOMContentLoaded", function () {
             const loginForm = document.getElementById("login-form");
             loginForm.addEventListener("submit", function (event) {
+                const plainPasswordInput = document.getElementById("plainPassword");
                 const passwordInput = document.getElementById("password");
-                const password = passwordInput.value;
-                passwordInput.value = encryptPassword(password);
+                passwordInput.value = encryptPassword(plainPasswordInput.value);
             });
         });
     </script>
 
+    <input type="hidden" name="password" id="password" />
+
     <div class="form-item">
         <label for="username" th:text="#{form.username.label}"> </label>
 
@@ -50,7 +52,7 @@
         </div>
 
         <th:block
-            th:replace="~{gateway_modules/input_fragments :: password(id = 'password', name = 'password', required = 'true', minlength = null, maxlength = 257, enableToggle = true)}"
+            th:replace="~{gateway_modules/input_fragments :: password(id = 'plainPassword', name = null, required = 'true', minlength = null, maxlength = 257, enableToggle = true)}"
         ></th:block>
     </div>
 </div>
\ No newline at end of file