[false positive] Password generation is offered for the Login password field on bitribe.com
Categories
(Toolkit :: Password Manager: Site Compatibility, defect, P3)
Tracking
()
People
(Reporter: tbabos, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: [passwords:generation])
Affected Versions:
Nightly 77.0a1 (2020-04-14) (64-bit)
Beta 76.0b4
Affected Platforms:
Windows 7/10 x64
MacOS 10.14
Ubuntu 18.04
Steps to reproduce:
- Go to bitribe.com and reach the Login form
- Click on the password field
Expected Result:
The autocomplete dropdown should not display the Password Generation option
Actual Result:
Password Generation was offered for the password field
Regression-Range:
Not a regression of the new implementation, it also happens on Beta 75 and seems like site issue given it has the autocomplete=new-password attribute for this field
Notes:
Password field:
<input placeholder="Enter the password" type="password" autocomplete="new-password" value="">
Updated•5 years ago
|
Comment 1•5 years ago
|
||
Thanks Timea for filing this issue; I have reproduced it, and interestingly, the password field on the login page is using autocomplete="new-password"
as Timea noted.
Similarly, QA also found (and I verified) a false positive on the password change form for this site which also uses autocomplete="new-password"
on the "Old Password" field there. Note: to reproduce, you will need a burner e-mail account to sign up for the site, then login and then navigate to the password change form.
This means, on both of these pages, the site is using the semantic HTML markup to indicate the field is a new password field (autocomplete="new-password"
), even though the field is not a new password field.
This is not a bug with the new password model from Bug 1595244 (and its update in Bug 1625601), which only runs when the autocomplete
attribute does not have a value of "new-password"
, nor is this a bug with the Password Manager's logic, which displays the password generation option in the autocomplete popup when autocomplete="new-password"
. This is a web compatibility issue for the site.
Comment 2•5 years ago
•
|
||
Double-checked, and the model update landed at https://github.com/mozilla-services/fathom-login-forms/commit/368cbce234fcd2804f82d88d10ac940b8243c496 does call this a negative.
Updated•5 years ago
|
Description
•