Opened 10 years ago

Closed 10 years ago

#24202 closed New feature (wontfix)

Implement a SensitiveTextInput widget for sensitive input fields

Reported by: Håkan W Owned by: nobody
Component: Forms Version: 1.7
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Håkan W)

If you're implementing Stripe, Adyen, or other big payment solutions today, then you can use client side encryption, where form fields are used for inputting e.g. credit card number (etc), but that will be encrypted before the form is submitted to the server. These fields should not be sent raw to the server, so you usually remove the name attribute on the input fields.

It would be really great if django had a SensitiveTextInput widget for purposes like this. This idea is from here: http://stackoverflow.com/questions/18116917/change-form-input-attribute-name-to-data-encrypted-name

Here's a suggested class:

# a text input widget with no name attribute
class SensitiveTextInput(forms.TextInput):
    def build_attrs(self, extra_attrs=None, **kwargs):
        attrs = super(SensitiveTextInput, self).build_attrs(extra_attrs, **kwargs)
        if 'name' in attrs:
            del attrs['name']
        return attrs

Change History (2)

comment:1 by Håkan W, 10 years ago

Component: UncategorizedForms
Description: modified (diff)
Type: UncategorizedNew feature

comment:2 by Tim Graham, 10 years ago

Resolution: wontfix
Status: newclosed

I'm not sure this is such a universal problem or implementation that it needs to live in Django itself. Please see an alternate implementation for djangoproject.com's own Stripe integration. The six lines of code you've proposed seem pretty low maintenance for any projects that need it. If you can drive consensus on the DevelopersMailingList that indicates otherwise, then we can reopen this. Thanks!

Note: See TracTickets for help on using tickets.
Back to Top