"Spell-Jacking" mitigation ~ prevent sensitive data leak from spell checker.

@see https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords

Signed-off-by: Daniel Hammer <daniel.hammer+oss@gmail.com>

templates/common/forgot-password.html

@@ -68,7 +68,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                                         class="user-custom">
                                         <div class="form-group">
                                             <input type="text" class="form-control form-control-user-custom"
-                                                id="inputUsername" name="username" placeholder="Your username" required>
+                                                id="inputUsername" name="username" placeholder="Your username" spellcheck="false" required>
                                         </div>
                                         <input type="hidden" name="_form_token" value="{{.CSRFToken}}">
                                         <button type="submit" class="btn btn-primary btn-user-custom btn-block">

templates/common/reset-password.html

@@ -68,11 +68,11 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                                         class="user-custom">
                                         <div class="form-group">
                                             <input type="text" class="form-control form-control-user-custom"
-                                                id="inputCode" name="code" placeholder="Confirmation code" required>
+                                                id="inputCode" name="code" placeholder="Confirmation code" spellcheck="false" required>
                                         </div>
                                         <div class="form-group">
                                             <input type="password" class="form-control form-control-user-custom"
-                                                id="inputPassword" name="password" placeholder="New Password" autocomplete="new-password" required>
+                                                id="inputPassword" name="password" placeholder="New Password" autocomplete="new-password" spellcheck="false" required>
                                         </div>
                                         <input type="hidden" name="_form_token" value="{{.CSRFToken}}">
                                         <button type="submit" class="btn btn-primary btn-user-custom btn-block">

templates/webadmin/admin.html

@@ -37,7 +37,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                 <label for="idUsername" class="col-sm-2 col-form-label">Username</label>
                 <div class="col-sm-10">
                     <input type="text" class="form-control" id="idUsername" name="username" placeholder=""
-                        value="{{.Admin.Username}}" maxlength="255" autocomplete="nope" required {{if not .IsAdd}}readonly{{end}}>
+                        value="{{.Admin.Username}}" maxlength="255" autocomplete="nope" spellcheck="false" required {{if not .IsAdd}}readonly{{end}}>
                 </div>
             </div>
 
@@ -45,7 +45,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                 <label for="idEmail" class="col-sm-2 col-form-label">Email</label>
                 <div class="col-sm-10">
                     <input type="text" class="form-control" id="idEmail" name="email" placeholder=""
-                        value="{{.Admin.Email}}" maxlength="255">
+                        value="{{.Admin.Email}}" maxlength="255" spellcheck="false">
                 </div>
             </div>
 
@@ -73,7 +73,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             <div class="form-group row">
                 <label for="idPassword" class="col-sm-2 col-form-label">Password</label>
                 <div class="col-sm-10">
-                    <input type="password" class="form-control" id="idPassword" name="password" placeholder="" autocomplete="new-password"
+                    <input type="password" class="form-control" id="idPassword" name="password" placeholder="" autocomplete="new-password" spellcheck="false"
                     {{if not .IsAdd}}aria-describedby="pwdHelpBlock" {{end}}>
                     {{if not .IsAdd}}
                     <small id="pwdHelpBlock" class="form-text text-muted">

templates/webadmin/adminsetup.html

@@ -69,15 +69,15 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                                         {{end}}
                                         <div class="form-group">
                                             <input type="text" class="form-control form-control-user-custom" id="inputUsername"
-                                                name="username" placeholder="Username" value="{{.Username}}" required>
+                                                name="username" placeholder="Username" value="{{.Username}}" spellcheck="false" required>
                                         </div>
                                         <div class="form-group">
                                             <input type="password" class="form-control form-control-user-custom" id="inputPassword"
-                                                name="password" placeholder="Password" autocomplete="new-password" required>
+                                                name="password" placeholder="Password" autocomplete="new-password" spellcheck="false" required>
                                         </div>
                                         <div class="form-group">
                                             <input type="password" class="form-control form-control-user-custom" id="inputConfirmPassword"
-                                                name="confirm_password" placeholder="Repeat password" autocomplete="new-password" required>
+                                                name="confirm_password" placeholder="Repeat password" autocomplete="new-password" spellcheck="false" required>
                                         </div>
                                         <input type="hidden" name="_form_token" value="{{.CSRFToken}}">
                                         <button type="submit" class="btn btn-primary btn-user-custom btn-block">

templates/webadmin/changepassword.html

@@ -33,21 +33,21 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             <div class="form-group row">
                 <label for="idCurrentPassword" class="col-sm-2 col-form-label">Current password</label>
                 <div class="col-sm-10">
-                    <input type="password" class="form-control" id="idCurrentPassword" name="current_password" autocomplete="new-password" required>
+                    <input type="password" class="form-control" id="idCurrentPassword" name="current_password" autocomplete="new-password" spellcheck="false" required>
                 </div>
             </div>
 
             <div class="form-group row">
                 <label for="idNewPassword1" class="col-sm-2 col-form-label">New password</label>
                 <div class="col-sm-10">
-                    <input type="password" class="form-control" id="idNewPassword1" name="new_password1" autocomplete="new-password" required>
+                    <input type="password" class="form-control" id="idNewPassword1" name="new_password1" autocomplete="new-password" spellcheck="false" required>
                 </div>
             </div>
 
             <div class="form-group row">
                 <label for="idNewPassword2" class="col-sm-2 col-form-label">Confirm password</label>
                 <div class="col-sm-10">
-                    <input type="password" class="form-control" id="idNewPassword2" name="new_password2" autocomplete="new-password" required>
+                    <input type="password" class="form-control" id="idNewPassword2" name="new_password2" autocomplete="new-password" spellcheck="false" required>
                 </div>
             </div>
 

templates/webadmin/eventaction.html

@@ -100,7 +100,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                 <label for="idHTTPUsername" class="col-sm-2 col-form-label">Username</label>
                 <div class="col-sm-3">
                     <input type="text" class="form-control" id="idHTTPUsername" name="http_username" placeholder=""
-                    aria-describedby="usernameHelpBlock" value="{{.Action.Options.HTTPConfig.Username}}" maxlength="255">
+                    aria-describedby="usernameHelpBlock" value="{{.Action.Options.HTTPConfig.Username}}" maxlength="255" spellcheck="false">
                     <small id="httpBodyHelpBlock" class="form-text text-muted">
                         Placeholders are supported
                     </small>
@@ -108,7 +108,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                 <div class="col-sm-2"></div>
                 <label for="idHTTPPassword" class="col-sm-2 col-form-label">Password</label>
                 <div class="col-sm-3">
-                    <input type="password" class="form-control" id="idHTTPPassword" name="http_password" placeholder="" autocomplete="new-password"
+                    <input type="password" class="form-control" id="idHTTPPassword" name="http_password" placeholder="" autocomplete="new-password" spellcheck="false"
                         value="{{if .Action.Options.HTTPConfig.Password.IsEncrypted}}{{.RedactedSecret}}{{else}}{{.Action.Options.HTTPConfig.Password.GetPayload}}{{end}}">
                 </div>
             </div>
@@ -124,10 +124,10 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                             {{range $idx, $val := .Action.Options.HTTPConfig.Headers}}
                             <div class="row form_field_http_headers_outer_row">
                                 <div class="form-group col-md-5">
-                                    <input type="text" class="form-control" id="idHTTPHeaderKey{{$idx}}" name="http_header_key{{$idx}}" placeholder="Enter key" value="{{$val.Key}}">
+                                    <input type="text" class="form-control" id="idHTTPHeaderKey{{$idx}}" name="http_header_key{{$idx}}" placeholder="Enter key" value="{{$val.Key}}" spellcheck="false">
                                 </div>
                                 <div class="form-group col-md-5">
-                                    <input type="text" class="form-control" id="idHTTPHeaderVal{{$idx}}" name="http_header_val{{$idx}}" placeholder="Enter value" value="{{$val.Value}}">
+                                    <input type="text" class="form-control" id="idHTTPHeaderVal{{$idx}}" name="http_header_val{{$idx}}" placeholder="Enter value" value="{{$val.Value}}" spellcheck="false">
                                 </div>
                                 <div class="form-group col-md-1"></div>
                                 <div class="form-group col-md-1">
@@ -139,10 +139,10 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                             {{else}}
                             <div class="row form_field_http_headers_outer_row">
                                 <div class="form-group col-md-5">
-                                    <input type="text" class="form-control" id="idHTTPHeaderKey0" name="http_header_key0" placeholder="Enter key" value="">
+                                    <input type="text" class="form-control" id="idHTTPHeaderKey0" name="http_header_key0" placeholder="Enter key" spellcheck="false" value="">
                                 </div>
                                 <div class="form-group col-md-5">
-                                    <input type="text" class="form-control" id="idHTTPHeaderVal0" name="http_header_val0" placeholder="Enter value" value="">
+                                    <input type="text" class="form-control" id="idHTTPHeaderVal0" name="http_header_val0" placeholder="Enter value" spellcheck="false" value="">
                                 </div>
                                 <div class="form-group col-md-1"></div>
                                 <div class="form-group col-md-1">
@@ -174,10 +174,10 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                             {{range $idx, $val := .Action.Options.HTTPConfig.QueryParameters}}
                             <div class="row form_field_http_query_outer_row">
                                 <div class="form-group col-md-5">
-                                    <input type="text" class="form-control" id="idHTTPQueryKey{{$idx}}" name="http_query_key{{$idx}}" placeholder="Enter key" value="{{$val.Key}}">
+                                    <input type="text" class="form-control" id="idHTTPQueryKey{{$idx}}" name="http_query_key{{$idx}}" placeholder="Enter key" spellcheck="false" value="{{$val.Key}}">
                                 </div>
                                 <div class="form-group col-md-5">
-                                    <input type="text" class="form-control" id="idHTTPQueryVal{{$idx}}" name="http_query_val{{$idx}}" placeholder="Enter value" value="{{$val.Value}}">
+                                    <input type="text" class="form-control" id="idHTTPQueryVal{{$idx}}" name="http_query_val{{$idx}}" placeholder="Enter value" spellcheck="false" value="{{$val.Value}}">
                                 </div>
                                 <div class="form-group col-md-1"></div>
                                 <div class="form-group col-md-1">
@@ -189,10 +189,10 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                             {{else}}
                             <div class="row form_field_http_query_outer_row">
                                 <div class="form-group col-md-5">
-                                    <input type="text" class="form-control" id="idHTTPQueryKey0" name="http_query_key0" placeholder="Enter key" value="">
+                                    <input type="text" class="form-control" id="idHTTPQueryKey0" name="http_query_key0" placeholder="Enter key" spellcheck="false" value="">
                                 </div>
                                 <div class="form-group col-md-5">
-                                    <input type="text" class="form-control" id="idHTTPQueryVal0" name="http_query_val0" placeholder="Enter value" value="">
+                                    <input type="text" class="form-control" id="idHTTPQueryVal0" name="http_query_val0" placeholder="Enter value" spellcheck="false" value="">
                                 </div>
                                 <div class="form-group col-md-1"></div>
                                 <div class="form-group col-md-1">

templates/webadmin/events.html

@@ -48,7 +48,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                 </select>
             </div>
             <div class="form-group col-md-3">
-                <input type="text" class="form-control" id="idUsername" name="username" placeholder="Username">
+                <input type="text" class="form-control" id="idUsername" name="username" spellcheck="false" placeholder="Username">
             </div>
             <div class="form-group col-md-3">
                 <input type="text" class="form-control" id="idIp" name="ip" placeholder="IP address">

templates/webadmin/fsconfig.html

@@ -71,12 +71,12 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             <label for="idS3AccessKey" class="col-sm-2 col-form-label">Access Key</label>
             <div class="col-sm-3">
                 <input type="text" class="form-control" id="idS3AccessKey" name="s3_access_key" placeholder=""
-                    value="{{.S3Config.AccessKey}}" maxlength="255">
+                    value="{{.S3Config.AccessKey}}" maxlength="255" spellcheck="false">
             </div>
             <div class="col-sm-2"></div>
             <label for="idS3AccessSecret" class="col-sm-2 col-form-label">Access Secret</label>
             <div class="col-sm-3">
-                <input type="password" class="form-control" id="idS3AccessSecret" name="s3_access_secret" placeholder="" autocomplete="new-password"
+                <input type="password" class="form-control" id="idS3AccessSecret" name="s3_access_secret" placeholder="" autocomplete="new-password" spellcheck="false"
                     value="{{if .S3Config.AccessSecret.IsEncrypted}}{{.RedactedSecret}}{{else}}{{.S3Config.AccessSecret.GetPayload}}{{end}}">
             </div>
         </div>
@@ -306,7 +306,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
         <div class="form-group row fsconfig fsconfig-azblobfs">
             <label for="idAzAccountKey" class="col-sm-2 col-form-label">Account Key</label>
             <div class="col-sm-10">
-                <input type="password" class="form-control" id="idAzAccountKey" name="az_account_key" placeholder="" autocomplete="new-password"
+                <input type="password" class="form-control" id="idAzAccountKey" name="az_account_key" placeholder="" autocomplete="new-password" spellcheck="false"
                     value="{{if .AzBlobConfig.AccountKey.IsEncrypted}}{{.RedactedSecret}}{{else}}{{.AzBlobConfig.AccountKey.GetPayload}}{{end}}">
             </div>
         </div>
@@ -315,7 +315,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             <label for="idAzSASURL" class="col-sm-2 col-form-label">SAS URL</label>
             <div class="col-sm-10">
                 <input type="password" class="form-control" id="idAzSASURL" name="az_sas_url" placeholder="" aria-describedby="AzSASURLHelpBlock"
-                    autocomplete="new-password" value="{{if .AzBlobConfig.SASURL.IsEncrypted}}{{.RedactedSecret}}{{else}}{{.AzBlobConfig.SASURL.GetPayload}}{{end}}">
+                    autocomplete="new-password" spellcheck="false" value="{{if .AzBlobConfig.SASURL.IsEncrypted}}{{.RedactedSecret}}{{else}}{{.AzBlobConfig.SASURL.GetPayload}}{{end}}">
                 <small id="AzSASURLHelpBlock" class="form-text text-muted">
                     Shared Access Signature URL can be used instead of account name/key
                 </small>
@@ -442,12 +442,12 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             <label for="idSFTPUsername" class="col-sm-2 col-form-label">Username</label>
             <div class="col-sm-3">
                 <input type="text" class="form-control" id="idSFTPUsername" name="sftp_username" placeholder=""
-                    value="{{.SFTPConfig.Username}}" maxlength="255">
+                    value="{{.SFTPConfig.Username}}" maxlength="255" spellcheck="false">
             </div>
             <div class="col-sm-2"></div>
             <label for="idSFTPPassword" class="col-sm-2 col-form-label">Password</label>
             <div class="col-sm-3">
-                <input type="password" class="form-control" id="idSFTPPassword" name="sftp_password" placeholder="" autocomplete="new-password"
+                <input type="password" class="form-control" id="idSFTPPassword" name="sftp_password" placeholder="" autocomplete="new-password" spellcheck="false"
                     value="{{if .SFTPConfig.Password.IsEncrypted}}{{.RedactedSecret}}{{else}}{{.SFTPConfig.Password.GetPayload}}{{end}}">
             </div>
         </div>
@@ -463,7 +463,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
         <div class="form-group row fsconfig fsconfig-sftpfs">
             <label for="idSFTPPassphrase" class="col-sm-2 col-form-label">Key Passphrase</label>
             <div class="col-sm-10">
-                <input type="password" class="form-control" id="idSFTPPassphrase" name="sftp_key_passphrase" autocomplete="new-password" placeholder=""
+                <input type="password" class="form-control" id="idSFTPPassphrase" name="sftp_key_passphrase" autocomplete="new-password" placeholder="" spellcheck="false"
                     value="{{if .SFTPConfig.KeyPassphrase.IsEncrypted}}{{.RedactedSecret}}{{else}}{{.SFTPConfig.KeyPassphrase.GetPayload}}{{end}}"
                     aria-describedby="SFTPPassphraseHelpBlock">
                 <small id="SFTPPassphraseHelpBlock" class="form-text text-muted">
@@ -524,13 +524,13 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
         <div class="form-group row fsconfig fsconfig-httpfs">
             <label for="idHTTPUsername" class="col-sm-2 col-form-label">Username</label>
             <div class="col-sm-3">
-                <input type="text" class="form-control" id="idHTTPUsername" name="http_username" placeholder=""
+                <input type="text" class="form-control" id="idHTTPUsername" name="http_username" placeholder="" spellcheck="false"
                     value="{{.HTTPConfig.Username}}" maxlength="255">
             </div>
             <div class="col-sm-2"></div>
             <label for="idHTTPPassword" class="col-sm-2 col-form-label">Password</label>
             <div class="col-sm-3">
-                <input type="password" class="form-control" id="idHTTPPassword" name="http_password" autocomplete="new-password" placeholder=""
+                <input type="password" class="form-control" id="idHTTPPassword" name="http_password" autocomplete="new-password" placeholder="" spellcheck="false"
                     value="{{if .HTTPConfig.Password.IsEncrypted}}{{.RedactedSecret}}{{else}}{{.HTTPConfig.Password.GetPayload}}{{end}}">
             </div>
         </div>
@@ -538,7 +538,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
         <div class="form-group row fsconfig fsconfig-httpfs">
             <label for="idHTTPAPIKey" class="col-sm-2 col-form-label">API Key</label>
             <div class="col-sm-10">
-                <input type="password" class="form-control" id="idHTTPAPIKey" name="http_api_key" autocomplete="new-password" placeholder=""
+                <input type="password" class="form-control" id="idHTTPAPIKey" name="http_api_key" autocomplete="new-password" placeholder="" spellcheck="false"
                     value="{{if .HTTPConfig.APIKey.IsEncrypted}}{{.RedactedSecret}}{{else}}{{.HTTPConfig.APIKey.GetPayload}}{{end}}">
             </div>
         </div>

templates/webadmin/login.html

@@ -31,11 +31,11 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                                         {{if not .FormDisabled}}
                                         <div class="form-group">
                                             <input type="text" class="form-control form-control-user-custom"
-                                                id="inputUsername" name="username" placeholder="Username" required>
+                                                id="inputUsername" name="username" placeholder="Username" spellcheck="false" required>
                                         </div>
                                         <div class="form-group">
                                             <input type="password" class="form-control form-control-user-custom"
-                                                id="inputPassword" name="password" placeholder="Password" autocomplete="current-password" required>
+                                                id="inputPassword" name="password" placeholder="Password" autocomplete="current-password" spellcheck="false" required>
                                             {{if .ForgotPwdURL}}
                                             <div class="text-right">
                                                 <a class="small" href="{{.ForgotPwdURL}}">Forgot password?</a>

templates/webadmin/mfa.html

@@ -72,7 +72,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             </div>
 
             <div class="input-group">
-                <input type="text" class="form-control" id="idPasscode" name="passcode" value="" placeholder="Authentication code">
+                <input type="text" class="form-control" id="idPasscode" name="passcode" value="" placeholder="Authentication code" spellcheck="false">
                 <span class="input-group-append">
                     <a id="idTOTPSave" class="btn btn-primary" href="#" onclick="totpValidate()" role="button">Verify and save</a>
                 </span>

templates/webadmin/profile.html

@@ -33,7 +33,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             <div class="form-group row">
                 <label for="idEmail" class="col-sm-2 col-form-label">Email</label>
                 <div class="col-sm-10">
-                    <input type="text" class="form-control" id="idEmail" name="email" placeholder=""
+                    <input type="text" class="form-control" id="idEmail" name="email" placeholder="" spellcheck="false"
                         value="{{.Email}}" maxlength="255">
                 </div>
             </div>

templates/webadmin/twofactor-recovery.html

@@ -30,7 +30,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                                         class="user-custom">
                                         <div class="form-group">
                                             <input type="text" class="form-control form-control-user-custom"
-                                                id="inputRecoveryCode" name="recovery_code" placeholder="Recovery code" required>
+                                                id="inputRecoveryCode" name="recovery_code" placeholder="Recovery code" spellcheck="false" required>
                                         </div>
                                         <input type="hidden" name="_form_token" value="{{.CSRFToken}}">
                                         <button type="submit" class="btn btn-primary btn-user-custom btn-block">

templates/webadmin/twofactor.html

@@ -30,7 +30,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                                         class="user-custom">
                                         <div class="form-group">
                                             <input type="text" class="form-control form-control-user-custom"
-                                                id="inputPasscode" name="passcode" placeholder="Authentication code" required>
+                                                id="inputPasscode" name="passcode" placeholder="Authentication code" spellcheck="false" required>
                                         </div>
                                         <input type="hidden" name="_form_token" value="{{.CSRFToken}}">
                                         <button type="submit" class="btn btn-primary btn-user-custom btn-block">

templates/webadmin/user.html

@@ -68,10 +68,10 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                         <div class="col-md-12 form_field_tpl_users_outer">
                             <div class="row form_field_tpl_user_outer_row">
                                 <div class="form-group col-md-3">
-                                    <input type="text" class="form-control" id="idTplUsername0" name="tpl_username" placeholder="Username" maxlength="255">
+                                    <input type="text" class="form-control" id="idTplUsername0" name="tpl_username" placeholder="Username" maxlength="255" spellcheck="false">
                                 </div>
                                 <div class="form-group col-md-3">
-                                    <input type="password" class="form-control" id="idTplPassword0" name="tpl_password" placeholder="Password" autocomplete="new-password">
+                                    <input type="password" class="form-control" id="idTplPassword0" name="tpl_password" placeholder="Password" autocomplete="new-password" spellcheck="false">
                                 </div>
                                 <div class="form-group col-md-5">
                                     <textarea class="form-control" id="idTplPublicKey0" name="tpl_public_keys" rows="5"
@@ -99,7 +99,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                 <label for="idUsername" class="col-sm-2 col-form-label">Username</label>
                 <div class="col-sm-10">
                     <input type="text" class="form-control" id="idUsername" name="username" placeholder=""
-                        value="{{.User.Username}}" maxlength="255" autocomplete="nope" required {{if ge .Mode 2}}readonly{{end}}>
+                        value="{{.User.Username}}" maxlength="255" autocomplete="nope" spellcheck="false" required {{if ge .Mode 2}}readonly{{end}}>
                 </div>
             </div>
             {{end}}
@@ -125,7 +125,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             <div class="form-group row">
                 <label for="idPassword" class="col-sm-2 col-form-label">Password</label>
                 <div class="col-sm-10">
-                    <input type="password" class="form-control" id="idPassword" name="password" value="{{.User.Password}}" placeholder="" autocomplete="new-password">
+                    <input type="password" class="form-control" id="idPassword" name="password" value="{{.User.Password}}" placeholder="" autocomplete="new-password" spellcheck="false">
                 </div>
             </div>
 
@@ -353,7 +353,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                                 <label for="idEmail" class="col-sm-2 col-form-label">Email</label>
                                 <div class="col-sm-10">
                                     <input type="text" class="form-control" id="idEmail" name="email" placeholder=""
-                                        value="{{.User.Email}}" maxlength="255" autocomplete="nope">
+                                        value="{{.User.Email}}" maxlength="255" autocomplete="nope" spellcheck="false">
                                 </div>
                             </div>
 
@@ -1160,10 +1160,10 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
         $(".form_field_tpl_users_outer").append(`
                 <div class="row form_field_tpl_user_outer_row">
                     <div class="form-group col-md-3">
-                        <input type="text" class="form-control" id="idTplUsername${index}" name="tpl_username" placeholder="Username" maxlength="255">
+                        <input type="text" class="form-control" id="idTplUsername${index}" name="tpl_username" placeholder="Username" maxlength="255" spellcheck="false">
                     </div>
                     <div class="form-group col-md-3">
-                        <input type="password" class="form-control" id="idTplPassword${index}" name="tpl_password" placeholder="Password" autocomplete="new-password">
+                        <input type="password" class="form-control" id="idTplPassword${index}" name="tpl_password" placeholder="Password" autocomplete="new-password" spellcheck="false">
                     </div>
                     <div class="form-group col-md-5">
                         <textarea class="form-control" id="idTplPublicKey${index}" name="tpl_public_keys" rows="5"

templates/webclient/changepassword.html

@@ -33,21 +33,21 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             <div class="form-group row">
                 <label for="idCurrentPassword" class="col-sm-2 col-form-label">Current password</label>
                 <div class="col-sm-10">
-                    <input type="password" class="form-control" id="idCurrentPassword" name="current_password" autocomplete="new-password" required>
+                    <input type="password" class="form-control" id="idCurrentPassword" name="current_password" autocomplete="new-password" spellcheck="false" required>
                 </div>
             </div>
 
             <div class="form-group row">
                 <label for="idNewPassword1" class="col-sm-2 col-form-label">New password</label>
                 <div class="col-sm-10">
-                    <input type="password" class="form-control" id="idNewPassword1" name="new_password1" autocomplete="new-password" required>
+                    <input type="password" class="form-control" id="idNewPassword1" name="new_password1" autocomplete="new-password" spellcheck="false" required>
                 </div>
             </div>
 
             <div class="form-group row">
                 <label for="idNewPassword2" class="col-sm-2 col-form-label">Confirm password</label>
                 <div class="col-sm-10">
-                    <input type="password" class="form-control" id="idNewPassword2" name="new_password2" autocomplete="new-password" required>
+                    <input type="password" class="form-control" id="idNewPassword2" name="new_password2" autocomplete="new-password" spellcheck="false" required>
                 </div>
             </div>
 

templates/webclient/login.html

@@ -28,11 +28,11 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                                         {{if not .FormDisabled}}
                                         <div class="form-group">
                                             <input type="text" class="form-control form-control-user-custom"
-                                                id="inputUsername" name="username" placeholder="Username" required>
+                                                id="inputUsername" name="username" placeholder="Username" spellcheck="false" required>
                                         </div>
                                         <div class="form-group">
                                             <input type="password" class="form-control form-control-user-custom"
-                                                id="inputPassword" name="password" placeholder="Password" autocomplete="current-password" required>
+                                                id="inputPassword" name="password" placeholder="Password" autocomplete="current-password" spellcheck="false" required>
                                             {{if .ForgotPwdURL}}
                                             <div class="text-right">
                                                 <a class="small" href="{{.ForgotPwdURL}}">Forgot password?</a>

templates/webclient/mfa.html

@@ -97,7 +97,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             </div>
 
             <div class="input-group">
-                <input type="text" class="form-control" id="idPasscode" name="passcode" value="" placeholder="Authentication code">
+                <input type="text" class="form-control" id="idPasscode" name="passcode" value="" placeholder="Authentication code" spellcheck="false">
                 <span class="input-group-append">
                     <a id="idTOTPSave" class="btn btn-primary" href="#" onclick="totpValidate()" role="button">Verify and save</a>
                 </span>

templates/webclient/profile.html

@@ -33,7 +33,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             <div class="form-group row">
                 <label for="idEmail" class="col-sm-2 col-form-label">Email</label>
                 <div class="col-sm-10">
-                    <input type="text" class="form-control" id="idEmail" name="email" placeholder=""
+                    <input type="text" class="form-control" id="idEmail" name="email" placeholder="" spellcheck="false"
                         value="{{.Email}}" maxlength="255" autocomplete="nope" {{if not .LoggedUser.CanChangeInfo}}readonly{{end}}>
                 </div>
             </div>

templates/webclient/share.html

@@ -102,7 +102,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
             <div class="form-group row">
                 <label for="idPassword" class="col-sm-2 col-form-label">Password</label>
                 <div class="col-sm-10">
-                    <input type="password" class="form-control" id="idPassword" name="password" autocomplete="new-password" placeholder=""
+                    <input type="password" class="form-control" id="idPassword" name="password" autocomplete="new-password" placeholder="" spellcheck="false"
                         value="{{.Share.Password}}" aria-describedby="passwordHelpBlock">
                     <small id="passwordHelpBlock" class="form-text text-muted">
                         If set the share will be password-protected

templates/webclient/twofactor-recovery.html

@@ -27,7 +27,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                                         class="user-custom">
                                         <div class="form-group">
                                             <input type="text" class="form-control form-control-user-custom"
-                                                id="inputRecoveryCode" name="recovery_code" placeholder="Recovery code" required>
+                                                id="inputRecoveryCode" name="recovery_code" placeholder="Recovery code" spellcheck="false" required>
                                         </div>
                                         <input type="hidden" name="_form_token" value="{{.CSRFToken}}">
                                         <button type="submit" class="btn btn-primary btn-user-custom btn-block">

templates/webclient/twofactor.html

@@ -27,7 +27,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
                                         class="user-custom">
                                         <div class="form-group">
                                             <input type="text" class="form-control form-control-user-custom"
-                                                id="inputPasscode" name="passcode" placeholder="Authentication code" required>
+                                                id="inputPasscode" name="passcode" placeholder="Authentication code" spellcheck="false" required>
                                         </div>
                                         <input type="hidden" name="_form_token" value="{{.CSRFToken}}">
                                         <button type="submit" class="btn btn-primary btn-user-custom btn-block">