Password generator suggests a paypal.com password that includes forbidden character `,`
Categories
(Toolkit :: Password Manager: Site Compatibility, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox95 | --- | fixed |
People
(Reporter: cpeterson, Assigned: tgiles)
Details
Attachments
(2 files)
https://www.paypal.com/myaccount/security/
Twice now, Firefox's password generator has suggested a paypal.com password that included the character , which paypal.com forbids in its passwords. Here is one of the forbidden passwords suggested: kX9Y8uWs^#8,zKf. (NOTE: that is NOT my password. I generated this example password and then deleted.)
Firefox's password-rules.json says paypal.com required: digit, [!@#$%^&*()], which looks correct, but doesn't mention that , is forbidden.
Attached is the Browser Console's "Login" messages logged with signon.debug enabled.
I have only tested this bug in Nightly 95.
|
||
Comment 1•2 years ago
|
||
Based on
If you specify the required property and do not specify the allowed property then the allowed property is inferred to be the value of the required property.
from https://github.com/whatwg/html/issues/3518#requiring-that-a-password-contain-certain-characters
only !@#$%^&*() are allowed, , is not allowed.
|
Assignee | |
Comment 2•2 years ago
|
||
Got a patch to fix this, just need to write some tests. The issue was on the password generator side of things, we were adding in commas where we shouldn't have and that was being included in list of characters used to generate the password.
|
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 3•2 years ago
|
||
Pushed by sgalich@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/76f4e5abcdd5 Fix string concatenation that was causing extra characters to appear during improved password generation. r=sgalich
|
||
Comment 5•2 years ago
|
||
| bugherder | ||
Description
•