Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • sugar_in_your_tea
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    Or just delete the “readonly” bit. I did that on Treasury Direct for years until they finally removed that nonsense.

    • Daemon Silverstein@thelemmy.club
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      Sometimes it’s not “readonly”, but a Javascript thing that “event.preventDefault()” and “return false” during the “onpaste” event. As the event is generally set using elm.addEventListener instead of setting elm.onpaste, it’s not possible to remove the listener, as it’d need the reference for the handler function that was set to handle the mentioned JS event. So simply setting the value directly using elm.value bypasses the onpaste event.

      • sugar_in_your_tea
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 months ago

        That’s fair, not sure why they’d go through that much effort when DOM attributes exist.