Closed Bug 437972 Opened 17 years ago Closed 17 years ago

Javascript "onLoad:focus()" moves cursor away from other fields

Categories

(Firefox :: Address Bar, defect)

Product:
Firefox
Component:
Address Bar
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 226386

People

(Reporter: dddeeefff, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0 The JavaScript command "onload:focus()" interferes with both the GUI of firefox and the interface of web-pages. Pages such as Google's iGoogle page take a while to load, and when they load, the cursor moves to the search field. The problem with this occurs when a person is typing into the address bar, or indeed any other field, before the page loads. As they are typing, the cursor focusses on a different field, leading to, for example: "www.exa" in the address bar and "mple.com" in the search bar. SECURITY CONCERN: This also can occur in password fields. This leads to some or all of a person's password being written on the screen for anybody to see. Reproducible: Always Steps to Reproduce: 1.Go to a page with a medium-sized loading time, and has an onload:focus() command 2.Start typing into the address bar or into a field which does not have onload:focus() command 3.Continue typing until a few seconds after the page loads Actual Results: The cursor jumps, splitting the text the user has written into two different fields Expected Results: Firefox should disable the onload:focus() command when a user clicks on the address bar, the search bar or any field on the current tab. refocusing the cursor should especially not happen when the user is on a password field so that, when the cursor moves, some or all of the password is written over the screen. I have only tested this using Google's page and have only tested the jumping of a cursor from the address bar (and not from other fields or the search bar). Using default theme. Also using add-on "controle de scripts" which allows better control over javascript (though it probably doesn't affect this issue).
Dup of bug 125282 or bug 226386. Interesting security concern, but arguably the fault of the web site that has a login form and an onload focus() call on the same page. Have you actually encountered sites like that? Yahoo Mail focuses the username field earlier than onload, and Gmail focuses the password field (!).
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.