Closed
Bug 1265201
Opened 8 years ago
Closed 8 years ago
Port Bug 1191092 to SeaMonkey (Warn about insecure <input type=password> outside of a <form>.InsecurePasswordUtils should handle <input type=password> outside of a <form>)
Categories
(SeaMonkey :: Passwords & Permissions, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
seamonkey2.45
People
(Reporter: philip.chee, Assigned: frg)
References
()
Details
Attachments
(1 file)
1.69 KB,
patch
|
philip.chee
:
review+
|
Details | Diff | Splinter Review |
Some sites (e.g. hulu.com's homepage) have insecure logins pages without using a <form> element and those get missed by InsecurePasswordUtils. InsecurePasswordUtils should use DOMInputPasswordAdded to catch those cases. We want to have (some/all) of checkForInsecurePasswords work from DOMInputPasswordAdded. We should probably use FormLikeFactory.createFromField(event.target) then use the "FormLike" instead of the real HTMLFormElement in the helper functions where it makes sense.
![]() |
Assignee | |
Comment 1•8 years ago
|
||
This is/was hopefully a no brainer. Tested on Windows 7 en-US x64 VS2015 build >> User agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 >> Firefox/48.0 SeaMonkey/2.45a1 >> Build identifier: 20160417103718 Javascript error is gone and warning is shown in the console. Wasn't there a warning in the browser itself in some cases? I can't seem to get it and can't find it in the code. >> Timestamp: 4/17/2016 11:07:27 AM >> Warning: Password fields present in a form with an insecure (http://) form >> action. This is a security risk that allows user login credentials to be >> stolen. >> Source File: http://www.pinballz.net/?s=168276e5ee016c3363608a511b >> Line: 0 >> Source Code: 0
![]() |
Reporter | |
Comment 2•8 years ago
|
||
Comment on attachment 8742104 [details] [diff] [review] 1265201-insecurepassword.patch r=me
Attachment #8742104 -
Flags: review?(philip.chee) → review+
![]() |
Reporter | |
Comment 3•8 years ago
|
||
http://mxr.mozilla.org/comm-central/source/mozilla/dom/locales/en-US/chrome/security/security.properties?rev=6c7d5b56e472&mark=49-49#49 http://mxr.mozilla.org/comm-central/source/mozilla/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm?rev=41fa5b9cf8dc&mark=97-99,101-101#96
![]() |
Reporter | |
Comment 4•8 years ago
|
||
http://hg.mozilla.org/comm-central/rev/cf03cf8f0fb6
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → seamonkey2.45
You need to log in
before you can comment on or make changes to this bug.
Description
•