Closed Bug 56118 Opened 24 years ago Closed 23 years ago

INPUT with type of password is read out loud

Categories

(Core :: Layout: Form Controls, defect, P3)

Product:
Core
Component:
Layout: Form Controls
Platform:
x86
Windows 2000
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.2

People

(Reporter: cpratt, Assigned: aaronlev)

References

(
URL
)

Details

(Keywords: access)

Attachments

(1 file)

HTML file with input type password in form
965 bytes, text/html
Details 
Build ID: Netscape 6 PR3
Platform: Windows 2000 with Narrator (screen reader utility for the visually 
impaired)

To reproduce:
- If Narrator isn't running, start it by typing NARRATOR at a command prompt
- Make sure that the "Read typed chaaracters" feature is checked
- Load the URL above (I will also attach it to this bug report for non-NSCP 
people)
- Click into the Password field in the form. Start typing (slowly).

Result: Every letter you type is read out loud. This is a security issue 
because it means the password you're typing isn't masked.

Expected result: If you use IE 5.5, you'll note that every character "read" is 
replaced by the phrase "password". This is the correct result.

    
    

    
  
Reporter: this should probably be assigned to the owner of the Narrator program,
whoever that is.


    
    

    
  
Narrator is a component of Windows operating systems. It functions correctly 
with IE 5.5 and Communicator 4.76. I'm not sure I understand your comment.

    
    

    
  
steve, should this go over to Password Manager (single signon)?
QA Contact: czhang → paw

    
    

    
  
No, it's definitely not a single-signon problem.

    
    

    
  
I'm not sure who this should go to, because I don't know how Narrator ties in to
our code. It must do more than just sniff keystrokes, if it can tell whether the
user is typing in a password field or not. Who knows about lower-level Windows
stuff like this?

Status: NEW → ASSIGNED

    
    

    
  
Reassigning to layout for further triage; I have no idea who this should be
assigned to.
Assignee: mstoltz → clayton
Status: ASSIGNED → NEW
Component: Security: General → Layout
QA Contact: paw → petersen

    
    

    
  
I discussed this a bit with joki, jst and pollmann. Our guess is that the
NARRATOR knows what is a password field because normal Windows applications use
the standard text control which has some flag to hide the text, i.e. make it
"password field".

Now, with our XUL story we have just one huge window for the whole content area
(from Windows' perspective). A horrible hack solution for this bug might be to
convert the whole window into a Windows password window just for the time to
handle the key press in our password field (not sure if this is possible, it
would be nice if we could just add/remove some flag to the window). Or return
back to native "password" widget.

In any case, it is probably widget folks who should deal with this.
Assignee: clayton → trudelle
Component: Layout → XP Toolkit/Widgets
QA Contact: petersen → jrgm

    
    

    
  
->html form controls, added access keyword.
Assignee: trudelle → rods
Component: XP Toolkit/Widgets → HTML Form Controls
Keywords: access
QA Contact: jrgm → bsharma

    
  
Severity: normal → major
Status: NEW → ASSIGNED
Priority: P3 → P1
Summary: INPUT with type of password is read out loud → [ACCESS]INPUT with type of password is read out loud

    
    

    
  
This bug should go away once we support full accessiblity, either through MSAA,
external DOM api or internal scripts.

    
  
Target Milestone: --- → mozilla0.9

    
    

    
  
QA Contact Update
QA Contact: bsharma → vladimire

    
    

    
  
I am reassigning this over to editor. When accessability asks for the contents 
of the text field and it is a password, it should return "*" for the value 
instead of the actual text. If this is working correctly, then mark as WFM.

Beppe, you should have eric test this or reassign this bug to him.
Assignee: rods → beppe
Status: ASSIGNED → NEW
Summary: [ACCESS]INPUT with type of password is read out loud → INPUT with type of password is read out loud

    
    

    
  
the password data is being inserted into the password field correctly, how 
Narrator interprets that data is beyond the scope of text insertion. The 
assistive technology software needs to be made aware of the XUL content or the 
DOM content. I would suspect that the DOM node has a notion that it is a 
password field. A flag of sorts is set by the type=password attribute 
name/value pair, which the assistive technology application should sniff.

I am in the process of contacting Microsoft to see if someone from the 
development group over there can tell us what needs to be passed so the Narrator 
application can work correctly.

    
    

    
  
aaronl, will this be fixed once we do the things necessary to work with active 
accessibility? I don't see what this has to do with Editor; doesn't this more 
have to do with properly telling the OS that the custom control used is one of 
type password? (Or something like that; I'm fuzzy on the details here.)
Assignee: beppe → aaronl

    
    

    
  
The actual bug only occurs as the user types. Each letter they type is spoken.
This is happening before Mozilla even gets the key. It's not a bug with reading
the screen contents.

However, if the accessibility aid can query and find out that it is indeed a
password field (via our MSAA support), it might do the right thing and not read
the typed keystrokes. If it's still a problem then, we'll have to ask the makers
of JAWS, WindowEyes, etc. to pay attention to the MSAA password value.

So yes, I'll take this bug.

    
    

    
  
on windows2000 there's an event before normal key events, you might be able to 
intercept there.

    
    

    
  
->mozilla0.9.1/p3
Priority: P1 → P3
Target Milestone: mozilla0.9 → mozilla0.9.1

    
    

    
  
The suggested solution did not work. I am awaiting a response from Mike Friedman 
of Microsoft Accessibility about what we need to do here.
Status: NEW → ASSIGNED
Target Milestone: mozilla0.9.1 → mozilla0.9.2

    
  
Blocks: 65632

    
    

    
  
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED

    
    

    
  
verifying fixed 2001-07-10-05-0.9.2
Status: RESOLVED → VERIFIED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: