convert a parameter to secret html using handlebars

Question

I'm trying to send some parameters to set as the value of input of a html page. One of the parameters is a password field and I need to pass that value in some way that it can't be read in browser's developer mode. I'm using handlebars for rendering my html page. my render part of the code is like this:

app.get('/config', verifyToken,(req, res)=> {
console.log('got /config data');
res.render('config',{
    address: config.address,
    port: config.port,
    username: config.username,
    password: config.password,
})

and my html page is like below code:

<input class="long-input" value={{password}} type="password" id="password">

Is there any solution to make the value secure so it can't be read in deveploper mode ?

I don't think that there is a solution to this problem; the value field isn't going to be secure on an input, and is going to be visible if you open up the browser tools. There isn't a way to prevent someone from opening dev tools and seeing the password that is actually in the input. — Evan Bechtol, Nov 27 '18 at 18:33
[This is the closest thing that I could find](https://stackoverflow.com/a/24320533/4515720). From a security perspective, you should **never** send a user/pw combo like this to the client machine. That's a really really bad practice. — Evan Bechtol, Nov 27 '18 at 18:40

convert a parameter to secret html using handlebars

0 Answers0