How to hide passwords in query params?

I have a simple form which asks for a password as such:

<form action="destination.html" method="POST">
  <input type="password" name="password">
  <input type="submit">
</form>

When the user hits the submit button, the password will be displayed in the query string like destination.html/?password=p@ssw0rd, which is definitely dangerous. Any ways to hide the password upon submission? Thanks.

Could you post a screenshot of this, please? I’m quite sure POST isn’t meant to have this behaviour. @selectall , any insights?

1 Like

That’s definitely strange behavior. What you’re describing sounds like the method “GET” instead of “POST”

Here is what happens when I alter the form the end of the HTML Forms module from the Learn HTML course: https://www.codecademy.com/courses/learn-html/lessons/html-forms/exercises/form-review

You’ll see the query parameters aren’t there when using the POST, but they are when using the method of GET:

Thanks and sorry for the confusion! Let me re-organize my question a bit.

What I meant was, when I submit the form with the POST method, the password is disclosed in the request body, which can be seen using the “Network” tab of the Chrome developer tool. Is there any way to hide the password so it can’t be seen using the developer tool?

image