input field of type password containing password in view source

i'm trying to re-populate user inputs into form fields for when they input data and have to fix it due to errors

i'm usually accomplishing it like this:

<input type="text" name="username" value="<?php echo @$_POST['username'];?>" />
<input type="password" name="password" value="<?php echo @$_POST['password'];?>" />

my problem with this is that when i view source if they put in an invalid username/password, the actual password they typed in is visible in the view source (not sure if browser matters but it's firefox)

what's the best way to accomplis开发者_如何学Pythonh this?

You can't set a default value for a password field without that value being in the source, but you don't need to.

The point of obscuring the password is so that someone looking over the shoulder of the user can't easily see what the password is.

Only the user (who knows what the password they just typed is) can tell their browser to View Source.

If you are worried about the password being intercepted in transit, then it is as vulnerable going from the browser to the server as it is going the other way. Use SSL encryption (https) for all your secure browser-server communications.

Meanwhile, since you are taking data from $_POST (which is external input) and injecting it directly into the page, you are vulnerable to an XSS attack.

Just don't repeat the password. There's little lost (since they got something wrong anyway, and the password is the most likely thing they got wrong) and you can catch honest forgetting to re-enter the password in client-side validation, so it's not too much of a nuisance to a user who neglects to re-enter it.

Arguably there's little risk in re-sending the password as the degree of security as to eavesdropping will be the same (HTTPS or not) for the user sending the password, and hence the only person likely to view-source is the user themselves, but its common enough to clear passwords in such cases that it shouldn't provoke too strong a negative reaction in users.

I really dont think this is a problem since the password shown in the source is invalid anyways. I dont retain the password on fail, I just clear the textbox so user can retype it again.

if username or password is incorrect then always unset the password on error message page. btw don't put @ infront of $_POST, it's a bad practice