If in the Form submission, autocomplete is enabled then this might contain sensitive information like "username" or other information.
If any user save, data entered in these fields, then this will be cached by the browser.then attacker can access these informations.
This is especially important, if application is used in public places computers, such as cyber-cafes, airport terminals etc.
by adding the attribute autocomplete="off" to the Form tag or in the individual "input" fields.
No comments:
Post a Comment