Closed Bug 314154 Opened 19 years ago Closed 19 years ago

Form field focus should not be set if user has begun entering text.

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 226386

People

(Reporter: dfarning, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7)

After loading a page containing a form, Firefox automatically focuses the first
input field in the tab order.  It should not do this if the user has already
begun entering data into the form.  Not only is the current behavior annoying,
but it is a potential security issue.  I have often typed passwords into
plaintext fields because Firefox changed the field focus after a slow page load.

Reproducible: Sometimes

Steps to Reproduce:
1.saturate internet link with bit torrent to ensure slow page load
2.as soon as the login form appears enter user name
3. hit tab, enter password

Actual Results:  
Depending on when the page load completes (which calls setfocus at the end) the user's username and part or all of their password appear in plain text in the username text box



Expected Results:  
user name in username text box (plaintext) password in password text box (blocked)

This is particluarly troublesome for someone who regularly logs into different workstations many time in the course of a day.  For example; start firefox, open webmail, login to webmail, open new tab, open blackboard, log into blackboard, start eclipse. get to work.
This bug has been pushed upstream from http://bugzilla.ubuntu.com/show_bug.cgi?id=18259
I suspect this is invalid. It is not Firefox that is automatically focussing the form, but the website itself. Google and many others focus their form in hte load handler for the page.

I guess there is a potential enhancement request in stopping this focus call from working in some cases.
Yes, stopping the java script focus call once the users had started entering data was my intention.  The fact that it frequently involves username/password being display in plain text makes me think that it should be rated higher than enhancement.
The same happens when I have started to type a new URL in the addres field and google.com has completed loading.

See this forum-post for more info:
http://forums.mozillazine.org/viewtopic.php?p=1866135

Regards,
Morten

*** This bug has been marked as a duplicate of 226386 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.