Closed Bug 415943 Opened 16 years ago Closed 13 years ago

Test that password field text is not readable through accessibility APIs

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla2.0

People

(Reporter: aaronlev, Assigned: MarcoZ)

Details

(Keywords: access)

Attachments

(1 file, 1 obsolete file)

Updated Mochitest with comments
5.64 KB, patch
surkov
: review+
Details | Diff | Splinter Review 
The new text getters should not expose the actual text in a password field -- just *'s.
Which (sub)interface is exposing the actual text?
(In reply to comment #1)
> Which (sub)interface is exposing the actual text?

nsIFrame::GetRenderedText. In the meantime accessible value exposes *** based on role. Since nsIFrame::GetRenderedText is used in a11y then it's possible we expose *** in nsIAccessibleText methods. But I'm not sure. Example is appreciated.
I just looked at a login form with AccProbe on Windows, and IAccessibleText::Text gives me **** for a 4 letter password field. I can turn this into a mochitest and attach it to this bug, basically turning it into a "test that we expose passwords as *" one. What do you think?
Sounds great. Thank you.
Mass un-assigning bugs assigned to Aaron.
Assignee: aaronleventhal → nobody
Marco, would be great if you finish mochitest ;)
Taking!
Assignee: nobody → marco.zehe
Status: NEW → ASSIGNED
(In reply to comment #7)
> Taking!

thank you!
I believe I need some help with the password characters I should be testing for. The log file shows I get a char of decimal value 207, or 0xCF, but when I put that in, as in the patch, it claims I am supplying a character 0xFFFD. The other tests pass. Surkov, David, any ideas?
Attachment #518489 - Flags: review?(surkov.alexander)
Ehsan tells me we get the character from the platform, so probably a safer test here is to simply test that the password itself is not exposed. The actual bogus characters aren't that important.
(In reply to comment #10)
> Ehsan tells me we get the character from the platform, so probably a safer test
> here is to simply test that the password itself is not exposed. The actual
> bogus characters aren't that important.

sounds reasonable change
Comment on attachment 518489 [details] [diff] [review]
Mochitest for getText for both a regular input and a password input


>+  <title>nsIAccessibleText getText related function tests for text inputs</title>

for password fields?

>+      ////////////////////////////////////////////////////////////////////////
>+      // characterCount and getText for password field
>+
>+      IDs = [ "password" ];
>+      testCharacterCount(IDs, 4);
>+      testText(IDs, 0, 4, "ÃÃÃÃ");

it's ok to go with David's suggestion here

>+  <a target="_blank"
>+     title="Fix getText"
>+     href="https://bugzilla.mozilla.org/show_bug.cgi?id=630001">Mozilla Bug 630001, part3</a>

please update this
Attachment #518489 - Flags: review?(surkov.alexander) → review+
I added a function to text.js that tests if the given text is anything but the text passed in the last parameter. I also added documentation for both the testText and testPasswordText functions. Rerequesting review just in case...
Attachment #518489 - Attachment is obsolete: true
Attachment #518667 - Flags: review?(surkov.alexander)
Comment on attachment 518667 [details] [diff] [review]
Updated Mochitest with comments

>diff --git a/accessible/tests/mochitest/text.js b/accessible/tests/mochitest/text.js
>--- a/accessible/tests/mochitest/text.js
>+++ b/accessible/tests/mochitest/text.js
>@@ -21,16 +21,24 @@ function testCharacterCount(aIDs, aCount
> {
>   for (var i = 0; i < aIDs.length; i++) {
>     var textacc = getAccessible(aIDs[i], [nsIAccessibleText]);
>     is(textacc.characterCount, aCount,
>        "Wrong character count for " + prettyName(aIDs[i]));
>   }
> }
> 
>+/**
>+ * Test text between two given offsets
>+ *
>+ * @param aIDs  [in] an array of accessible IDs to test
>+ * @param aStartOffset  [in] the start offset within the text to test
>+ * @param aEndOffset  [in] the end offset up to which the text is tested
>+ * @param aText  [in] the expected result from the test
>+ */

nit: please align all [in] description

 * @param aIDs          [in] an array of accessible IDs to test
 * @param aStartOffset  [in] the start offset within the text to test
 * @param aEndOffset    [in] the end offset up to which the text is tested
 * @param aText         [in] the expected result from the test


> /**
>+ * Test password text between two given offsets
>+ *
>+ * @param aIDs  [in] an array of accessible IDs to test
>+ * @param aStartOffset  [in] the start offset within the text to test
>+ * @param aEndOffset  [in] the end offset up to which the text is tested
>+ * @param aText  [in] the expected result from the test

the same
Attachment #518667 - Flags: review?(surkov.alexander) → review+
Summary: Expose only *'s for password field text → Test that password field text is not readable through accessibility APIs
Landed test-only patch on mozilla-central: http://hg.mozilla.org/mozilla-central/rev/c8bef0022a62
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: