Password Manager detects and saves the password with a blank username for alipay.com
Categories
(Toolkit :: Password Manager: Site Compatibility, defect, P2)
Tracking
()
People
(Reporter: aflorinescu, Assigned: serg)
References
(Depends on 1 open bug, Blocks 1 open bug, )
Details
Attachments
(1 file, 1 obsolete file)
[Affected versions]
Nightly 68.0a1 / 20190502220333
Beta 67.0b15 2019-04-29
Release 66.0.3 2019-04-09
[Affected platforms]
Windows 10
Mac OS 10.13.6
Ubuntu 16.04
[Steps to reproduce]
- Open Firefox with a new profile.
- Reach: https://authet15.alipay.com/login/index.htm
- Switch from scan code to account login.
- Input any strings inside the input boxes (username, password).
- Click the "Sign In" button.
- A pop-up asking the user to save credentials is displayed.
[Expected result]
Both the username and password are being saved by the Password manager.
[Actual result]
Only the password is saved, no username is saved along with the password.
[Regression Range:]
This issues doesn't appear to be a recent regression.
[Note:]
See debug log @ https://bug1540154.bmoattachments.org/attachment.cgi?id=9062154
|
Reporter | |
Updated•6 years ago
|
|
||
Updated•6 years ago
|
|
||
Comment 1•5 years ago
|
||
Reproduced on latest Beta 70.0b7 and Nightly 71 on Windows 10 x64. Updating flags
|
|
||
Comment 2•5 years ago
|
||
Updating affected flags
|
|
||
Comment 4•5 years ago
|
||
The problem also affects the dismissed by default doorhanger so ensure that gets fixed at the same time (bug 1630553).
|
Assignee | |
Comment 5•2 years ago
|
||
Alipay's web page has invisible <input type=text> between username and password inputs.
We should ignore invisible inputs when capturing because user couldn't enter data there.
|
|
Assignee | |
Comment 6•2 years ago
|
||
|
|
Assignee | |
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
|
Assignee | |
Updated•2 years ago
|
|
||
Comment 7•2 years ago
|
||
|
||
Comment 8•2 years ago
|
||
For the information, we now have checkVisibility API (implemented in Bug 1777293).
|
|
||
Comment 9•2 years ago
•
|
||
My findings so far on using checkVisibility from CSSOM API:
The ccsom docs describe the following steps:
The checkVisibility(options) method must run these steps, when called on an element this:
If this does not have an associated box, return false.
If a shadow-including ancestor of this has content-visibility: hidden, return false.
If the checkOpacity dictionary member of options is true, and this, or a shadow-including ancestor of this, has a computed opacity value of 0, return false.
If the checkVisibilityCSS dictionary member of options is true, and this is invisible, return false.
Return true.
On first DOMContentLoaded calling checkVisibility without adding optional checkVisibilityOptions parameters returns false for both elements (usernameField and passwordField) and therefore prevents autofilling (step 3 and 4 not relevant at this point). When we switch from show_qr tab to show_login tab on authet15.alipay.com checkVisibility returns true for both elements. But focusing on the passwordField shows the AutocompletePopup but only fills in password. Not sure why, because logs say that the correct usernameField is detected as well.
|
|
||
Updated•5 months ago
|
Description
•