From 7c974675bba0fbdd8ee30f918824209e3b29c8a3 Mon Sep 17 00:00:00 2001
From: Waheed Ahmed <waheed.ahmed@arbisoft.com>
Date: Mon, 9 Nov 2020 17:07:13 +0500
Subject: [PATCH] Remove maxlength attribute from register password field.

Pasting a longer password than allowed limit silently truncated to the
max value, resulting in creating an account with a password user is
unaware of because no validation error occurs.

VAN-86
---
 lms/templates/student_account/form_field.underscore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lms/templates/student_account/form_field.underscore b/lms/templates/student_account/form_field.underscore
index 1af84c780a..b30daba18d 100644
--- a/lms/templates/student_account/form_field.underscore
+++ b/lms/templates/student_account/form_field.underscore
@@ -98,7 +98,7 @@
             aria-describedby="<%- form %>-<%- name %>-desc <%- form %>-<%- name %>-validation-error"
             <% } %>
             <% if ( restrictions.min_length ) { %> minlength="<%- restrictions.min_length %>"<% } %>
-            <% if ( restrictions.max_length ) { %> maxlength="<%- restrictions.max_length %>"<% } %>
+            <% if ( restrictions.max_length && type !== 'password' ) { %> maxlength="<%- restrictions.max_length %>"<% } %>
             <% if ( restrictions.readonly )   { %> readonly <% } %>
             <% if ( required ) { %> required<% } %>
             <% if ( typeof errorMessages !== 'undefined' ) {