Closed Bug 1790438 Opened 2 years ago Closed 2 years ago

User reports logins for other sites being offered on Walmart.com

Categories

(Toolkit :: Password Manager: Site Compatibility, defect, P3)

Product:
Toolkit
Component:
Password Manager: Site Compatibility
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: twisniewski, Unassigned)

References

Details

An issue was filed on webcompat.com by a user who is seeing logins they use on other sites (with Facebook email addresses) appearing as options on Walmart.com, despite not using those logins on Walmart.com. (This does not happen for them in other browsers, so they filed a bug with webcompat.com).

:janika, could you help take a look at this issue? Thanks!

Flags: needinfo?(jneuberger)

The form is not recognized as a usernameOnlyForm because it has a hidden passwordField.

<input id="passwordForPwdMgr" class="visuallyhidden" type="password" name="password" data-automation-id="passwordForPwdMgr" data-tl-id="passwordForPwdMgr" autocomplete="new-password" aria-hidden="true">

The passwordField is placed before the usernameField. When a passwordField is detected we use it as an anchor to search for the usernameField, but we only consider form elements as possible usernameFields, that come before the passwordField, see this part.

We could extend this with a threshold, let's say we also check the next 5 elements, but only if the passwordField, that we use as an anchor is hidden. If it's visible it might be unusual for the usernameField to come after the passworField. :dimi, What do you think about that?

Flags: needinfo?(jneuberger)
Flags: needinfo?(dlee)
Severity: -- → S3
Component: Password Manager → Password Manager: Site Compatibility
Priority: -- → P3
Flags: needinfo?(dlee)

Janika, was a decision ever made a decision here? (pinging to make sure we don't just forget about it)

Flags: needinfo?(jneuberger)
See Also: → 1548771

The form is not recognized as a usernameOnlyForm because it has a hidden passwordField.

<input id="passwordForPwdMgr" class="visuallyhidden" type="password" name="password" data-automation-id="passwordForPwdMgr" data-tl-id="passwordForPwdMgr" autocomplete="new-password" aria-hidden="true">

(In reply to Janika Neuberger (:janikaneuberger) from comment #2)

The webpage source code of Walmart.com has changed. The hidden password input element has been removed, so the usernameField is now correctly detected and autofilled by the password manager.

Nevertheless we are currently working on a patch that should fix some issues on how the password manager handles invisible input elements.
Thanks for the ping :)

Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(jneuberger)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.