Closed
Bug 1265201
Opened 9 years ago
Closed 9 years ago
Port Bug 1191092 to SeaMonkey (Warn about insecure <input type=password> outside of a <form>.InsecurePasswordUtils should handle <input type=password> outside of a <form>)
Categories
(SeaMonkey :: Passwords & Permissions, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
seamonkey2.45
People
(Reporter: philip.chee, Assigned: frg)
References
()
Details
Attachments
(1 file)
1.69 KB,
patch
|
philip.chee
:
review+
|
Details | Diff | Splinter Review |
Some sites (e.g. hulu.com's homepage) have insecure logins pages without using a <form> element and those get missed by InsecurePasswordUtils. InsecurePasswordUtils should use DOMInputPasswordAdded to catch those cases.
We want to have (some/all) of checkForInsecurePasswords work from DOMInputPasswordAdded. We should probably use FormLikeFactory.createFromField(event.target) then use the "FormLike" instead of the real HTMLFormElement in the helper functions where it makes sense.
Assignee | ||
Comment 1•9 years ago
|
||
This is/was hopefully a no brainer.
Tested on Windows 7 en-US x64 VS2015 build
>> User agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101
>> Firefox/48.0 SeaMonkey/2.45a1
>> Build identifier: 20160417103718
Javascript error is gone and warning is shown in the console. Wasn't there a warning in the browser itself in some cases? I can't seem to get it and can't find it in the code.
>> Timestamp: 4/17/2016 11:07:27 AM
>> Warning: Password fields present in a form with an insecure (http://) form
>> action. This is a security risk that allows user login credentials to be
>> stolen.
>> Source File: http://www.pinballz.net/?s=168276e5ee016c3363608a511b
>> Line: 0
>> Source Code: 0
Reporter | ||
Comment 2•9 years ago
|
||
Comment on attachment 8742104 [details] [diff] [review]
1265201-insecurepassword.patch
r=me
Attachment #8742104 -
Flags: review?(philip.chee) → review+
Reporter | ||
Comment 3•9 years ago
|
||
Reporter | ||
Comment 4•9 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → seamonkey2.45
You need to log in
before you can comment on or make changes to this bug.
Description
•