Use pattern to validate password length (fixes #3724)

[Nutomic]

The maxLength attribute seems to work as intended, the Mozilla docs mention "the browser will generally prevent user from entering more text than the maxlength attribute allows". And Chrome has the same behaviour, so its unlikely that we will get them to change it.

Instead we can use pattern for validation which works as expected in Chromium.

[dessalines]

This means that whatever browser the user is using, is not mozilla or chrome based then, since its ignoring maxlength.

We have a lot of other maxLengths in the codebase, and I don't think we should handle it with pattern matching.

[matc-pub]

We could also keep maxLength and the pattern.

[Nutomic]

This means that whatever browser the user is using, is not mozilla or chrome based then, since its ignoring maxlength.

Not sure what you mean by this. I tested with Chromium, and it doesnt let you enter more than maxLength characters, so longer passwords are effectively truncated as described in #3724.

We have a lot of other maxLengths in the codebase, and I don't think we should handle it with pattern matching.

Other uses of maxLength look fine as they simply limit the length of various text fields. Only password needs to show a warning if it is too long.

We could also keep maxLength and the pattern.

That wouldnt fix the issue, then password would be truncated again.

[dessalines]

Alright I think I understand, we don't want truncation, we want an error.