Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Storing form inputs in component state in React.js, specifically passwords

Tags:

javascript

html

reactjs

got a question about forms in React.js. I don't actually have an issue, but was wondering if there were any flaws in my approach.

I have a simple form, with two inputs for both email and password, like so:

  <input
   type="email"
   name="email"
   value={this.state.email}
   onChange={this.handleChange}
   data-message-required="Please enter your email address"
   data-message-email="Please enter a VALID email address"
   />

and

<input
 type="password"
 name="password"
 value={this.state.password}
 onChange={this.handleChange}
 data-minlength="3"
 data-maxnlength="20"
 data-message="Please enter your password"
 />

handleChange() is written as so:

  handleChange = e => {
   this.setState({
    [e.target.name]:e.target.value
  })}

My question is, is that are there any vulnerabilities in this code? When using React Dev Tools, I can track the components internal state, and the password appears as plaintext. I'm unsure if this means that it is possible for other sources to acquire the password through tracking the component's state.

Sorry if this question has been answered before, I did a quick search but could not find something that was specifically on this topic. Thanks for your time.

like image 267
ifiore Avatar asked Feb 06 '19 16:02

ifiore

People also ask

How do I show password in input field in React?

To show or hide the password in the input field in Reactjs, the basic idea is to change the input tag's type attribute to text from password and vice versa on clicking the "Show password" button or an appropriate button of your own.

How do you store form data in state React?

Create React ComponentCreate src > components folder and create a component file for storing form data in local storage. Name this file form-data-component. js and paste the following code in it. We created a basic user form using Bootstrap 4.

2 Answers

No, no vulnerability here: the user will be able to see the password while it is inside her browser, after she inputs it...

A password should not be a secret for it's owner... :-)

Of course you will use https protocol if you send the password to a server, otherwise it will be visible on the cable, an that is a security issue!

like image 167
MarcoS Avatar answered Sep 21 '22 05:09

MarcoS

I agree with @MarcoS there is no security issue.

I would add if a thief knows how to read the state in dev tools he can also do this:

document.querySelector("[type=password]").value
like image 45
spedy Avatar answered Sep 21 '22 05:09

spedy
Sign in to Comment

Related questions

How to download an image with Python 3/Selenium if the URL begins with "blob:"?
Is this a correct usage of v-on:change?
JavaScript trigger an InputEvent.isTrusted = true
javascript constructor with optional parameters
Visualization of the Recaman Sequence
Trigger Enter keypress in vanilla JS
How do I unit test downloading a file using Jasmine (Angular)?
NestJs - How to get request body on interceptors
Bootstrap Slides lagging while using multi item carousel using angular 6
Get the total value of the matching array elements
iOS 12 Shortcut Setup Question for "Run JavaScript on Web Page"
Convert arrays of arrays to object with key
How can I pre initialise state with hooks in React?
JavaScript big integer square root
ReactJS how to render a component only when scroll down and reach it on the page?
Render script tag in React Component
Is it safe to render a react portal into another component DOM?
React Native: Text and Icon inline
Why do I get 'Unexpected use of 'location' no-restricted-globals'?
What's wrong with awaiting a promise chain?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!