Closed Bug 1265201 Opened 4 years ago Closed 4 years ago

Port Bug 1191092 to SeaMonkey (Warn about insecure <input type=password> outside of a <form>.InsecurePasswordUtils should handle <input type=password> outside of a <form>)

Categories

(SeaMonkey :: Passwords & Permissions, defect)

SeaMonkey 2.45 Branch
defect
Not set

Tracking

(Not tracked)

RESOLVED FIXED
seamonkey2.45

People

(Reporter: philip.chee, Assigned: frg)

References

()

Details

Attachments

(1 file)

Some sites (e.g. hulu.com's homepage) have insecure logins pages without using a <form> element and those get missed by InsecurePasswordUtils. InsecurePasswordUtils should use DOMInputPasswordAdded to catch those cases.

We want to have (some/all) of checkForInsecurePasswords work from DOMInputPasswordAdded. We should probably use FormLikeFactory.createFromField(event.target) then use the "FormLike" instead of the real HTMLFormElement in the helper functions where it makes sense.
This is/was hopefully a no brainer.

Tested on Windows 7 en-US x64 VS2015 build

>> User agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 
>> Firefox/48.0 SeaMonkey/2.45a1
>> Build identifier: 20160417103718

Javascript error is gone and warning is shown in the console. Wasn't there a warning in the browser itself in some cases? I can't seem to get it and can't find it in the code.

>> Timestamp: 4/17/2016 11:07:27 AM
>> Warning: Password fields present in a form with an insecure (http://) form 
>> action. This is a security risk that allows user login credentials to be 
>> stolen.
>> Source File: http://www.pinballz.net/?s=168276e5ee016c3363608a511b
>> Line: 0
>> Source Code: 0
Assignee: nobody → frgrahl
Status: NEW → ASSIGNED
Attachment #8742104 - Flags: review?(philip.chee)
Comment on attachment 8742104 [details] [diff] [review]
1265201-insecurepassword.patch

r=me
Attachment #8742104 - Flags: review?(philip.chee) → review+
http://hg.mozilla.org/comm-central/rev/cf03cf8f0fb6
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → seamonkey2.45
You need to log in before you can comment on or make changes to this bug.