I wonder how many custom 'show password' JavaScript implementations fail to toggle the spellcheck attribute to false and so end up allowing users to accidentally send all or part of their password to a remote spellcheck service?
Would you know if it's happening with a PDF opened in Chrome/Edge ? I can only see an <embed> on Win10 Chrome and Edge with 1 of these forms bnl.public.lu/fr/formulaires… so ? ping @nhoizey
Webmentions