Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
text-security
Advanced tools
Readme
Cross-browser alternative to -webkit-text-security
. Check out demo at noppa.github.io/text-security.html.
text-security is a simple set of fonts that only consist of 3 different characters.
Disc (the shape normally used in password fields), circle and square. For example, setting
font-family: "text-security-disc"
for
an element should then display all the element's characters in a concealed
way, like it was a password field. This is useful if you want to get the benefits of input[type="password"]
but also combine that with other element types, like input[type="tel"]
. In
fact, the project was created for this exact purpose as an answer to a
StackOverflow
question.
The project builds on top of Adobe's similar font projects Adobe Notdef and Adobe Blank 2.
If you are considering this library to replace a password field with a text field—perhaps to avoid browsers' autofill behavior—please think twice before doing so. Browsers might offer enhanced security features for password fields, like limiting which scripts are allowed to read their values. Opting to use a text field instead will leave your app out of these protections. There are also accessibility issues with this solution, see issue 11. This font simply masks text like a password field would and does not further protect the input. There are legitimate use cases where that's ok (think OTP fields, SSN inputs, etc.), and then there are use cases where it's just not worth it.
Tested in recent versions of Chrome (for desktop and mobile), Edge,
Firefox, Safari for iOS and IE 11. Opera Mini is not supported, as it
does not support @font-face
web fonts.
Chrome and Firefox, which support WOFF2 and cmap subtable format 13, will use the optimized WOFF2 font, which is only 0.8 kb in size. Older browsers like IE will automatically load the compatibility fonts whose names are suffixed "-compat" and weigh about 200 kb.
npm install text-security
You can use the fonts by adding this project as a dependency and including
text-security.css
in your project.
<link href="node_modules/text-security/text-security.css" rel="stylesheet" type="text/css">
Alternatively, you can grab the fonts you need (most likely text-security-disc and text-security-disc-compat)
from the releases page and include your own @font-face
definition in CSS.
src/style-template.css should give a pretty good idea how to do that, just
change the font name and source path to match your setup.
After the font is loaded, making a field behave like password field is easy.
.my-password-field {
font-family: text-security-disc;
/* Use -webkit-text-security if the browser supports it */
-webkit-text-security: disc;
}
This repository contains the build scripts needed for creating these fonts. If you want to add your own shapes or do other modifications, see Development.md.
The published font is licensed with SIL Open Font License. This is the only license you need to care about if you are simply using the prebuilt fonts.
All the code in this repository that is used for generating these fonts (Dockerfile, Python & shell scripts etc.) are licensed MIT.
This project builds on top of Adobe's font projects Adobe Notdef and Adobe Blank 2, which are included as submodules. They are also licensed with SIL.
Also included as submodules are ttf2eot and t1utils. t1utils has a slightly modified MIT license here. ttf2eot is extracted from Chromium project.
FAQs
Cross-browser alternative to -webkit-text-security
The npm package text-security receives a total of 25,769 weekly downloads. As such, text-security popularity was classified as popular.
We found that text-security demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.