Re-Enable value attribute for b:inputSecret

[mtvweb]

I have detected that since 1.1.2 the value attribute for inputSecret is not rendered any more.
I agree it is a security reason, but in my opinion it should be handled by the value bean and not by the component.

I often use value to put a pseudo value into the password fields to indicate that a password is set, i.E. value="*****" in a profile form. So I can detect that it is changed if it is not the value any more. Without rendering the value a secret field always seems to be empty.

It is easy enough to reset value in the bean after logging in or sthg. else to "" or "****" for security.

That's my opinion.

[stephanrauh]

Fair enough. However, I don't want to return to the original implementation. Now it shows an empty input field if there's no value, and eight asterisks if there's a value. The decode() method ignores the eight asterisks, so the password isn't set inadvertently.

How do you like this idea?

[mtvweb]

Why not an attribute "ignoreValue" with default "true", which will enable the possibility to switch back to the old behaviour.

[stephanrauh]

I've implemented the feature. The attribute is called render-value. The default value is false.

I didn't include it in the taglib yet. I hope you're using an IDE that doesn't mind. My current copy of the taglib already contains a half-finished new component, so I don't want to publish it yet.