Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • @[email protected]
    link
    fedilink
    English
    13 months ago

    Or just delete the “readonly” bit. I did that on Treasury Direct for years until they finally removed that nonsense.

    • Daemon Silverstein
      link
      fedilink
      English
      13 months ago

      Sometimes it’s not “readonly”, but a Javascript thing that “event.preventDefault()” and “return false” during the “onpaste” event. As the event is generally set using elm.addEventListener instead of setting elm.onpaste, it’s not possible to remove the listener, as it’d need the reference for the handler function that was set to handle the mentioned JS event. So simply setting the value directly using elm.value bypasses the onpaste event.

      • @[email protected]
        link
        fedilink
        English
        23 months ago

        That’s fair, not sure why they’d go through that much effort when DOM attributes exist.