Opened 10 years ago
Last modified 10 years ago
#24202 closed New feature
Implement a SensitiveTextInput widget for sensitive input fields — at Initial Version
| Reported by: | Håkan W | Owned by: | nobody |
|---|---|---|---|
| Component: | Forms | Version: | 1.7 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
If you're implementing Stripe, Adyen, or other big payment solutions today, then you can use client side encryption, where form fields are used for inputting e.g. credit card number (etc), but that will be encrypted before the form is submitted to the server. These fields should not be sent raw to the server, so you usually remove the name attribute on the input fields.
It would be really useful if django had a SensitiveTextInput widget that just removed its name attribute. This idea is from here: http://stackoverflow.com/questions/18116917/change-form-input-attribute-name-to-data-encrypted-name
Suggested class:
{{{python
# a text input widget with no name attribute
class SensitiveTextInput(forms.TextInput):
def build_attrs(self, extra_attrs=None, kwargs):
attrs = super(SensitiveTextInput, self).build_attrs(extra_attrs, kwargs)
if 'name' in attrs:
del attrsname
return attrs
}}}