[a11y] Generated password entry is filled upon field navigation with TAB
Categories
(Toolkit :: Password Manager, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr68 | --- | unaffected |
firefox72 | --- | wontfix |
firefox73 | --- | wontfix |
firefox74 | --- | verified |
firefox75 | --- | verified |
People
(Reporter: tbabos, Assigned: sfoster)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: access, regression)
Attachments
(3 files)
1.49 MB,
video/mp4
|
Details | |
7.05 KB,
text/plain
|
Details | |
47 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
Affected platforms:
Windows 10 x64
MacOS 10.15
Ubuntu 18.04
Unaffected:
Nightly 71.0a1 2019-10-08
Steps to reproduce:
- Launch Firefox
- Go to twitter.com (or facebook, github)
- Save 2 sets of credentials
- Generate a secure password
- Reload the form and toggle the autocomplete dropdown for the username (if its not toggled on page load)
- Without selecting any username Press TAB to navigate to the password field
Expected:
Upon pressing TAB, the focus should be placed on the password field and the autocomplete dropdown should be toggled.
Actual:
The autocomplete dropdown is not toggled and the generated password is filled in the password field.
Regression-Range:
Regressed by: bug 1556953
Hey Sam, could you please take a look at this when you have the time? Thanks!
Reporter | ||
Comment 1•4 years ago
|
||
Updated•4 years ago
|
Updated•4 years ago
|
Comment 2•4 years ago
|
||
Marco — Can you give an assessment of how bad the a11y impact of this is?
Assignee | ||
Comment 3•4 years ago
|
||
I can confirm the STR. The generated password causes an empty-username login to be auto-saved. When handling that tab out of the username field, we are matching the auto-saved login and filling the password field with the generated password. I think we just need to check for a non-zero-length username field value.
Assignee | ||
Comment 4•4 years ago
|
||
Updated•4 years ago
|
Pushed by sfoster@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4e23ae638ed5 Don't treat tab in username/password field as auto-completion when the field value is empty. r=MattN
Comment 7•4 years ago
|
||
bugherder |
Reporter | ||
Comment 8•4 years ago
•
|
||
Verified - Fixed on latest Nightly 75.0a1 (2020-02-16) on Windows 10, MacOs 10.15 and Ubuntu 18.04.
Waiting for a potential uplift to Beta.
Comment 9•4 years ago
|
||
Comment on attachment 9124894 [details]
Bug 1612161 - Don't treat tab in username/password field as auto-completion when the field value is empty. r?MattN
Beta/Release Uplift Approval Request
- User impact if declined: A generated password could get filled when a user tabs from an empty text field before it
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Adds a simple check that the username field isn't empty before filling a (generated) password
- String changes made/needed: None
Comment 10•4 years ago
|
||
Comment on attachment 9124894 [details]
Bug 1612161 - Don't treat tab in username/password field as auto-completion when the field value is empty. r?MattN
Low risk, verified on nightly, uplift approved for 74.0b6, thanks.
Comment 11•4 years ago
|
||
bugherder uplift |
Reporter | ||
Comment 12•4 years ago
|
||
Verified-fixed on latest Beta 74.0b6 on Windows 10, MacOS 10.13 and Ubuntu 18.04.
Updated•4 years ago
|
Description
•