Make password field values visible when focused after a generated password is filled
Categories
(Toolkit :: Password Manager, enhancement, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox70 | --- | verified |
People
(Reporter: MattN, Assigned: MattN)
References
(Blocks 1 open bug)
Details
(Whiteboard: [passwords:generation] [skyline])
Attachments
(3 files, 1 obsolete file)
If we generate a password for the user, it may need editing in order to meet the website requirements so we should make it readable to the user to do so. We need an API that LoginManagerContent.jsm can call to toggling visibility.
| Comment hidden (obsolete) |
|
Assignee | |
Comment 2•5 years ago
|
||
TODO: Add tests
Depends on D33878
| Comment hidden (obsolete) |
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
Assignee | |
Updated•5 years ago
|
I added new API to unmask specific range in <input type="password">. The API is, nsIEditor.unmask(). Its first argument is start offset of unmask range. Its second argument is optional, end offset of unmask range. So, those values are almost same as HTMLInputElement.setSelectionRange(). Its third argument is also optional, and important for the behavior. This is timeout value to re-mask the characters automatically if grater than 0. In such case, changing the value (e.g., setting HTMLInputElement.value, typing something) mask them immediately. If the value is 0, newly inputted character expands unmasking range. For example, if user types a character at start of the password field when only center 3rd character is unmasked, unmasked range becomes 0 to 3.
Another API, nsIEditor.mask() masks all characters. Then, auto-masking is restarted. I.e., newly inputted characters will be masked automatically. So, somebody can work on this bug right now.
I'll keep working on bug 1560032 and new security issue of the new behavior (currently, user cannot put caret between surrogate pair so that anybody can check its user typed surrogate pairs only with arrow keys).
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 5•5 years ago
|
||
Thank you very much for implementing bug 1548389 and providing the details here!
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 6•5 years ago
|
||
|
|
Assignee | |
Comment 7•5 years ago
|
||
Depends on D39404
|
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 8•5 years ago
|
||
Pushed by mozilla@noorenberghe.ca: https://hg.mozilla.org/integration/autoland/rev/38187d481a68 Import LoginTestUtils in pwmgr_common.js for mochitest-plain. r=sfoster https://hg.mozilla.org/integration/autoland/rev/78387323c272 Share GENERATED_PASSWORD_* consts between test frameworks. r=sfoster https://hg.mozilla.org/integration/autoland/rev/0a46342d12f4 Make password field values visible when focused after a generated password is filled. r=sfoster
|
||
Comment 10•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/38187d481a68
https://hg.mozilla.org/mozilla-central/rev/78387323c272
https://hg.mozilla.org/mozilla-central/rev/0a46342d12f4
|
||
Comment 11•5 years ago
|
||
Verified - Fixed on latest Nightly 70.0a1 (2019-07-29) (64-bit) on Windows 10, MacOS 10.14 and Ubuntu 18.04.
- after generating a password, it can be revealed by focusing the field via click or keyboard navigation
- NVDA screen reader will also read out loud the unmasked password
Description
•