Password.xDangerPlainText

$password.xDangerPlainText() -> string

Description

Return the original plain text.

This is almost always a bad idea because it can easily be leaked into other areas of your app.

It might be used to validate password strength, but this really should be done on the client side instead. The Form module already includes Password validation.

SecurityThe plaintext version of a password should never be stored, whether in logs or a database. Instead, rely on the built-in storage behavior, or call xDangerHash().

$tryPassword = Input.post('password')

$tryPassword.xDangerPlainText()
//= 'my-p@ssw0rd'

Back: Password