Closed Bug 1551730 Opened 2 years ago Closed 1 year ago

Use HTMLInputElement.hasBeenTypePassword instead of checking `type` manually

Categories

(Toolkit :: Password Manager, enhancement, P2)

Product:
Toolkit
Component:
Password Manager
Type:
enhancement

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla76
Tracking Flags:
Tracking Status
thunderbird_esr68 --- wontfix
firefox70 --- wontfix
firefox71 --- wontfix
firefox74 --- wontfix
firefox75 --- wontfix
firefox76 --- verified

People

(Reporter: MattN, Assigned: MattN)

References

(Depends on 1 open bug)

Details

(Whiteboard: [passwords:tech-debt] [passwords:fill-ui] [passwords:generation] [passwords:capture-UI])

Attachments

(4 files)

Bug 1551730 - Rename some _autocomplete.html mochitests to the test_autocomplete_*.html prefix. r=sfoster
47 bytes, text/x-phabricator-request
Details | Review
Bug 1551730 - Use hasBeenTypePassword to determine if we're on a password field for autocomplete. r=sfoster
47 bytes, text/x-phabricator-request
Details | Review
Bug 1551730 - Use hasBeenTypePassword for login filling. r=sfoster
47 bytes, text/x-phabricator-request
Details | Review
Bug 1551730 - Don't autofill passwords when hasBeenTypePassword but type!=password. r=sfoster
47 bytes, text/x-phabricator-request
Details | Review

In order to proper handle password fields where the user is able to toggle @type to reveal the password, we should use the ChromeOnly HTMLInputElement.hasBeenTypePassword API to determine whether a field is a "password" field.

We may want to be careful about filling into an unmask password field but I'm not sure there is a good solution to that since we can't be sure the user still has a visible toggle.

Duplicate of this bug: 1570638
Whiteboard: [passwords:tech-debt] → [passwords:tech-debt] [passwords:fill-ui] [passwords:generation] [passwords:capture-UI]
Flags: qe-verify+
Duplicate of this bug: 1061630
Blocks: 1595414

This affects https://accounts.google.com (bug 1595414) and other popular sites (causing us not to save or autocomplete) so I think we should address this in the near-term.

Priority: P3 → P2

We may want to also update the DOMInputPasswordAdded event code to use this property too.

Duplicate of this bug: 1616523
Blocks: 1595244

I've rebased some old patches I had for this.

Assignee: nobody → MattN+bmo
Status: NEW → ASSIGNED
status-firefox74: --- → wontfix
status-firefox75: --- → wontfix
status-firefox76: --- → affected

(In reply to Matthew N. [:MattN] (PM me if request are blocking you) from comment #0)

We may want to be careful about filling into an unmask password field but I'm not sure there is a good solution to that since we can't be sure the user still has a visible toggle.

I wonder if we should start by only filling into these when userTriggered?

Context menu code using this.onPassword also should change.

Depends on: 1625075
Depends on: 1625076
Pushed by mozilla@noorenberghe.ca:
https://hg.mozilla.org/integration/autoland/rev/97360a5f3b85
Rename some _autocomplete.html mochitests to the test_autocomplete_*.html prefix. r=sfoster
https://hg.mozilla.org/integration/autoland/rev/7e4f51820b4a
Use hasBeenTypePassword to determine if we're on a password field for autocomplete. r=sfoster
https://hg.mozilla.org/integration/autoland/rev/27a026da4531
Use hasBeenTypePassword for login filling. r=sfoster
https://hg.mozilla.org/integration/autoland/rev/71e4739111e7
Don't autofill passwords when hasBeenTypePassword but type!=password. r=sfoster
Depends on: 1626599

Hey Matt,
Verified the scenarios described in Bug 1570638 and Bug 1616523 and they are both fixed with this on Windows 10.
Is there anything else to check for this bug fix?

Flags: needinfo?(MattN+bmo)

I already tested bug 1595414 so I don't think you need to again. That's probably good enough. Thanks

Flags: needinfo?(MattN+bmo)

Thanks Matt!
Verified-Fixed on latest Nightly 76.0a1 (2020-04-01) on Windows 10, MacOS 10.13 and Ubuntu 16.04 based on Comment 16.

Status: RESOLVED → VERIFIED
status-firefox76: fixedverified
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.