diff --git a/AUTHORS b/AUTHORS
index 02aa836f8d..ad8f876a6f 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -157,6 +157,7 @@ answer newbie questions, and generally made Django that much better:
Oliver Rutherfurd
Ivan Sagalaev (Maniac)
David Schein
+ scott@staplefish.com
serbaut@gmail.com
Pete Shinners
SmileyChris
diff --git a/django/newforms/widgets.py b/django/newforms/widgets.py
index 585e12cc18..18bba31897 100644
--- a/django/newforms/widgets.py
+++ b/django/newforms/widgets.py
@@ -81,6 +81,14 @@ class TextInput(Input):
class PasswordInput(Input):
input_type = 'password'
+ def __init__(self, attrs=None, render_value=True):
+ self.attrs = attrs or {}
+ self.render_value = render_value
+
+ def render(self, name, value, attrs=None):
+ if not self.render_value: value=None
+ return super(PasswordInput, self).render(name, value, attrs)
+
class HiddenInput(Input):
input_type = 'hidden'
is_hidden = True
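Review bot: `render_value` defaults to `True` in `PasswordInput.__init__`, so a form redisplayed after a validation error still writes the submitted password into the rendered `value` attribute unless every caller opts out. A default of `False` would make the safe behaviour the one callers get without asking, at the cost of changing existing output. `__init__` also assigns `self.attrs` directly instead of calling the parent constructor, which would skip anything the parent `__init__` sets up (not visible in this hunk); `super(PasswordInput, self).__init__(attrs)` followed by `self.render_value = render_value` keeps the two in step. In `render`, the one-line `if not self.render_value: value=None` reads better split over two lines, with spaces around `=`.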
diff --git a/tests/regressiontests/forms/tests.py b/tests/regressiontests/forms/tests.py
index 644f922d28..080131ad01 100644
--- a/tests/regressiontests/forms/tests.py
+++ b/tests/regressiontests/forms/tests.py
@@ -72,6 +72,22 @@ u''
>>> w.render('email', 'ŠĐĆŽćžšđ', attrs={'class': 'fun'})
u''
+The render_value argument lets you specify whether the widget should render
+its value. You may want to do this for security reasons.
+>>> w = PasswordInput(render_value=True)
+>>> w.render('email', 'secret')
+u''
+>>> w = PasswordInput(render_value=False)
+>>> w.render('email', '')
+u''
+>>> w.render('email', None)
+u''
+>>> w.render('email', 'secret')
+u''
+>>> w = PasswordInput(attrs={'class': 'fun'}, render_value=False)
+>>> w.render('email', 'secret')
+u''
+
# HiddenInput Widget ############################################################
>>> w = HiddenInput()
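Review bot: The prose added ahead of the new doctests says only "for security reasons", which leaves the reader to guess what the risk is. I would name it, for example `With render_value=False the submitted password is never written back into the HTML when the form is redisplayed.` The `render_value=False` cases do cover empty, `None` and non-empty values, so the gap is in the explanation rather than in the cases.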