Closed Bug 1547294 Opened 5 years ago Closed 2 years ago

Don't save values in fields with `autocomplete="one-time-code"` in form history

Categories

(Toolkit :: Form Manager, enhancement, P3)

Product:
Toolkit
Component:
Form Manager
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
109 Branch
Tracking Flags:
Tracking Status
firefox109 --- fixed

People

(Reporter: MattN, Assigned: hereisdx, Mentored)

References

(
URL
)

Details

(Keywords: dev-doc-complete, Whiteboard: [lang=js][lang=cpp])

Attachments

(1 file)

Bug 1547294 - Don't save values in fields with `autocomplete="one-time-code"` r=mattn
48 bytes, text/x-phabricator-request
Details | Review

Don't save values from autocomplete="one-time-code" fields in form history as they just add noise and usually aren't useful.

Take a look at this commit and add the one-time-code autocomplete value with AUTOCOMPLETE_NO_PERSIST_FIELD_NAME and the related tests.

Also adds tests like https://hg.mozilla.org/integration/autoland/diff/b9002ded5523/toolkit/components/satchel/test/test_form_submission.html and

Summary: Don't autofill saved logins in password fields with `autocomplete="one-time-code"` → Don't save values in fields with `autocomplete="one-time-code"` in form history
Mentor: mozilla+bmo → mak

Hey @mak, I'll start to work on this. :)

Severity: normal → S3
Priority: P2 → P3

This change prevents saving values from autocomplete="one-time-code" fields in form history as they just add noise and usually aren't useful.

Signed-off-by: Divyanshu Agrawal <agrawal-d@outlook.com>

Assignee: nobody → agrawal-d
Status: NEW → ASSIGNED
Pushed by sgalich@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8011703813f5
Don't save values in fields with `autocomplete="one-time-code"` r=credential-management-reviewers,sgalich,mak

https://hg.mozilla.org/mozilla-central/rev/8011703813f5

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox109: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 109 Branch

FF109 Docs - I don't think there is any docs work for this, so I have set to dev-doc-complete.

My understanding is that a one time code is usually used for security purposes, so it would not be safe to save it in form history if it could still be valid, and it is "single use", so there is no point storing it for future autocomplete suggestions. Therefore this issue ensures that the data is not stored in form history to use, for example, for future autocomplete suggestions.

I don't think people need this level of information in the docs - there is nothing they could do with it.

Keywords: dev-doc-neededdev-doc-complete

That's correct, there is no benefit to store one-time-code in autocomplete history.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: