Closed Bug 290524 Opened 20 years ago Closed 17 years ago

Password form elements become corrupt when using arrow keys and backspace or delete

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: transient300, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2

Password form elements become corrupt when using arrow keys and backspace or delete

Keywords: form, input, text field, password, arrow key, arrow keys, backspace,
delete, tab, asterisk, asterisks

Steps to create
1.	Copy the Test.html file (listed below) to your local system.
2.	Load the Test.html file in Firefox.
3.	Press [Tab] to get to the password text field.
4.	Type “1234567”
5.	Press [Tab] to leave the password text field.
6.	Press [Control]+[Tab] to get back to the password text field.
7.	Press [Right Arrow] to get to the end of the text.
8.	Press [Backspace] to delete the last character

At this point you should notice that the window status message shows that the
text field’s value has been changed from “1234567” to the empty string even
though only one character was deleted.  Furthermore, the six asterisks displayed
in the text field refer to characters that do not exist.  This means that given
a variable called control that refers to the text field,
1.	control.value == “”
2.	control.value.length == 0
3.	Typing a character into control will add an seventh asterisk, but
control.value.length will equal 1
4.	Deleting one or more of the asterisks will not change the value of the control.
5.	Each of these asterisks effective acts as a placeholder for the empty string.

There are a few variances to the steps above that can be used.  It does not
matter if you leave or enter the text field by using [Tab] or [Control]+[Tab]. 
I.e. you can leave by going to the prior or next field.  It does not matter if
you go to the last character with the [Right Arrow] key or to the first
character with the [Left Arrow] key.  It also does not matter if you use the [Up
Arrow] or [Down Arrow] key instead.  It does not matter is you delete a
character with [Backspace] or with [Delete].

However, the problem occurs between the down stroke and the up stroke of the key
that deletes a character.  Furthermore, the problem does not occur if the [End]
or [Home] key or the mouse is used to deselect the text.  You must use an arrow
key to reproduce the problem.  It does not matter if you use a gray arrow key or
white arrow key (in the 101 standard keyboard).

This problem occurs only in input fields whose type is “password”.  It does not
occur in input fields whose type is “text”.

I do not know whether or not this problem occurs with the MAC or Linux version
of Firefox.  I have reproduced this bug under Windows XP Service Pack 2.  I have
not tried other versions of Windows.

There is no known workaround.  Given the apparently low-level nature of this
bug, it is unlikely that any general workaround could be written in Javascript.

File: Test.html

<html>
	<head>
		<title>Test</title>
		
		<script language="javascript">
			var debugMess;
			var debugCount = 0;
				
			function keyDown(control)
			{
				debugMess = "" + debugCount++ + "on down: [" + control.value + "]...... ";
			}
		
			function keyUp(control)
			{
				debugMess += "on up: [" + control.value + "] ";
				window.status = debugMess;
			}
		</script>
	</head>
	
	<body>
		<form>
			<input type="password"
			 onKeyDown="keyDown(this)"
			 onKeyUp="keyUp(this)"/>
		</form>
	</body>
</html>


Reproducible: Always

Steps to Reproduce:
See Details section.
Actual Results:  
The status window indicated that the text field's value was the empty string.

Expected Results:  
The status window should have indicated that the text field's value was the
"123456".

Reporter: Daniel Barbalace
The weird characters you see in the text above, such as "“" are suppose to be
quotation marks.  Evidently Bugzilla does not handle left and right
single/double quotes well.  So “1234567” really means "1234567".
Severity: normal → critical
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/

This problem still exists.  No comments have been added recently because no one
is working on this.  Must be a hard one to fix.  :)

Nevertheless, it is important to fix because it gives the impression that
Firefox won't work for many sites that it actually does work for.

Also, automatically closing bugs because no one adds a comment is a really
stupid idea.  The only result you'll get is that non-trivial problems will get
closed and ignored as if no one opened a bug report.  You should only close a bug if

1. You fixed it.
2. It can no longer be reproduced and someone has actually tried to do so.
3. You are resolved that it's not worth fixing because 
   a. It is not that important
   b. Quality is not that important
   c. All our good programmers have been outsourced so we have no one
      with the skills to fix it.

Preferably, #1.

option 4 : we're not getting paid to do this. So there not enough volunteers to
verify bugs (or fix them).

This works for me in Firefox 1.5 beta 2
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b5) Gecko/20051014
Firefox/1.4.1
Assignee: bugs → nobody
Component: Form Manager → Password Manager
QA Contact: form.manager → password.manager
Should work fine, and marking WFM based on last comment.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.