Bug 65947: Don't save password input values in session history. This resolves a potential security hole where, even after logging out of a web service, a malicious user can click back to the login page and log in without knowing the password. r=gagan@netscape.com, sr=vidur@netscape.com

git-svn-id: svn://10.0.0.236/trunk@99527 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/layout/html/forms/src/nsGfxTextControlFrame2.cpp

@@ -3421,6 +3421,13 @@ nsGfxTextControlFrame2::SaveState(nsIPresContext* aPresContext, nsIPresState** a
     return NS_OK;
   }
 
+  // Never save passwords in session history
+  PRInt32 type;
+  GetType(&type);
+  if (NS_FORM_INPUT_PASSWORD == type) {
+    return NS_OK;
+  }
+
   // Get the value string
   nsString stateString;
   nsresult res = GetProperty(nsHTMLAtoms::value, stateString);