548
NIST proposes barring some of the most nonsensical password rules
(arstechnica.com)
This is a most excellent place for technology news and articles.
Sometimes it's not "readonly", but a Javascript thing that "event.preventDefault()" and "return false" during the "onpaste" event. As the event is generally set using elm.addEventListener instead of setting elm.onpaste, it's not possible to remove the listener, as it'd need the reference for the handler function that was set to handle the mentioned JS event. So simply setting the value directly using elm.value bypasses the onpaste event.
That's fair, not sure why they'd go through that much effort when DOM attributes exist.