Login and Registration: Ensure a revealed password is reverted to the password input type upon form submission.

johnbillion · johnbillion · commit a49176e653d5 · 2025-06-13T10:35:04.000Z
This means if a password has been toggled to visible by the user, or is visible by default, it gets reverted to the `password` type to prevent browsers from remembering it as a previously-provided value and potentially displaying it as an autofill option on non-password inputs. Props jamieburchell, sukhendu2002, vgnavada Fixes #62147 git-svn-id: https://develop.svn.wordpress.org/trunk@60306 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/js/_enqueues/admin/user-profile.js b/src/js/_enqueues/admin/user-profile.js
@@ -101,6 +101,8 @@
 			return;
 		}
 		$toggleButton = $pass1Row.find('.wp-hide-pw');
+
+		// Toggle between showing and hiding the password.
 		$toggleButton.show().on( 'click', function () {
 			if ( 'password' === $pass1.attr( 'type' ) ) {
 				$pass1.attr( 'type', 'text' );
@@ -110,6 +112,14 @@
 				resetToggle( true );
 			}
 		});
+
+		// Ensure the password input type is set to password when the form is submitted.
+		$pass1Row.closest( 'form' ).on( 'submit', function() {
+			if ( $pass1.attr( 'type' ) === 'text' ) {
+				$pass1.attr( 'type', 'password' );
+				resetToggle( true );
+			}
+		} );
 	}
 
 	/**
