This repository has been archived by the owner on Jul 6, 2020. It is now read-only.

Feed http-auth settings may accidentally leak owncloud login to 3rd party sites #1016

Open
yvesf opened this issue Aug 23, 2016 · 0 comments

yvesf commented Aug 23, 2016

The input fields used in the expandable Advanced settings panel contain input elements for Username and Password that will be used to retrieve the feed over HTTP.

Since the two input elements for username and password use the same "name" parameter as the ones in the ownCloud login, at least my Firefox and Chrome auto-fill them as soon as they appear (after I expanded the Advanced settings).

Steps to Reproduce

Explain what you did to encounter the issue

  1. Save your OC login credentials in the browser
  2. Go to the news app, Subscribe to new feed
  3. Click on Advanced settings and watch if the browser auto-fills your OC credentials for this feed.

Implications

This behavior can lead the user to accidentally expose his OC login credentials to the feed provider.
At the same time it risks that the user's password is stored in plain-text in the OC database.

System Information

  • News app version: 8.8.0
  • ownCloud version: nextcloud 9.0.53
  • Browser and version: Firefox 48.0 / Chromium Version 52.0.2743.116
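
A template check for the name collision this issue describes, added here as an example and not taken from the News app or ownCloud code: it flags inputs whose `name` matches a login-form field name, and password inputs without the `autocomplete="new-password"` hint. The login field names and both HTML fragments are constructed assumptions, since the issue does not list the actual names.

```python
from html.parser import HTMLParser

# Assumption: names of the login form's fields (the issue does not list them).
LOGIN_FIELD_NAMES = {"user", "password"}
NON_TEXT_TYPES = {"hidden", "submit", "button", "checkbox", "radio"}


class AutofillLint(HTMLParser):
    def __init__(self, login_names):
        super().__init__()
        self.login_names = set(login_names)
        self.findings = []  # (field name, reason) pairs

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name", "")
        input_type = a.get("type", "text").lower()
        if input_type in NON_TEXT_TYPES:
            return
        if name in self.login_names:
            self.findings.append((name, "name matches a login form field"))
        # Browsers commonly ignore autocomplete="off" on password inputs;
        # "new-password" is the hint meant to keep a saved password out.
        hint = a.get("autocomplete", "").lower()
        if input_type == "password" and hint != "new-password":
            self.findings.append((name, "password input lacks autocomplete=new-password"))


def lint(template, login_names=LOGIN_FIELD_NAMES):
    parser = AutofillLint(login_names)
    parser.feed(template)
    parser.close()
    return parser.findings


# Constructed fragment shaped like the panel the issue describes.
COLLIDING = """
<input type="text" name="user" placeholder="Username">
<input type="password" name="password" placeholder="Password">
"""
# Constructed fragment with feed-specific names and an explicit hint.
DISTINCT = """
<input type="text" name="feed-auth-user" autocomplete="off">
<input type="password" name="feed-auth-password" autocomplete="new-password">
"""

if __name__ == "__main__":
    for label, html in (("colliding", COLLIDING), ("distinct", DISTINCT)):
        print(label, lint(html))
```

Password managers also match on field type and page origin, so a clean result here narrows the autofill heuristics rather than guaranteeing the browser will leave the fields empty.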