749123 - [GTK3] Please do not use GtkIMContextSimple for password fields.

Status: RESOLVED FIXED

(Core :: Widget: Gtk, defect)

Description

[Krzesimir Nowak]

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0
Build ID: 20120313130609

Steps to reproduce:

First some background: IM modules are used for virtual keyboard support and other means of entering text. These days we really cannot expect that every device has a hardware keyboard, especially when tablets are now widespread. Firefox seems to have such assumption. I have a WeTab with Fedora 15 (with Firefox 11) installed and virtual keyboard is showing up for all fields but password ones. Keyboard does show up when I focus on address bar, so I can enter gmail.com. Keyboard is also shown for login field, but when focusing password field it just disappears.

So, I have seen in the code that you enable IME only for Maemo platform[1], while I think it should be enabled unconditionally. Here [2] GtkIMContextSimple is created and there [3] this context is gotten for password fields.

There of course might be an issue of some malware input method snooping passwords from such fields, but I guess that root/admin privileges are needed to install and register such malicious input method. And if someone got root privileges then I think the game is over.

[1] http://hg.mozilla.org/mozilla-central/file/cc5254f9825f/widget/gtk2/nsGtkIMModule.h#l54
[2] http://hg.mozilla.org/mozilla-central/file/cc5254f9825f/widget/gtk2/nsGtkIMModule.cpp#l164
[3] http://hg.mozilla.org/mozilla-central/file/cc5254f9825f/widget/gtk2/nsGtkIMModule.cpp#l687


Actual results:

Virtual keyboard does not show up for password fields.


Expected results:

Virtual keyboard should show up for password field as well.

Comment 1

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

If we set GtkIMMulticontext for password files, East Asian users would be confused because IME would be available on password field. Do the native password fields change the behavior as so?

Comment 2

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

FYI: You can always enable IME on any editor if you add following rules into your user CSS.

input[type="text"], input[type="password"], textarea {
  ime-mode: normal !important;
}

Comment 3

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

I'm surprised! IME is available on current native password fields on GTK.

But each native GtkEntry has an independent IMContext, therefore, users may not be confused in most cases because East-Asian IME users don't want to turn on IME on password fields.

I think that we should use GtkIMMulticontext when the IME mode is "password" in default settings. However, the context should be *another* context. I mean, password fields should share a GtkIMMulticontext which isn't used for other IME modes.

This will break ime-mode: disable; on Linux. I'm thinking this issue. However, I think that IME should be available on such editors because current behavior could cause a11y issue for VKB users.

But I think that user should be able to switch the behavior back to current behavior by prefs.

Comment 4

[Pekka Vuorela]

(In reply to Masayuki Nakano (:masayuki) (Mozilla Japan) from comment #3)
> I'm surprised! IME is available on current native password fields on GTK.
> 
> But each native GtkEntry has an independent IMContext, therefore, users may
> not be confused in most cases because East-Asian IME users don't want to
> turn on IME on password fields.

I see two different things here: input method module and its input type. GtkEntry has "input-purpose" property which tells the field is a password editor. I think it's the responsibility of the asian IME module to disable composing input on such field if it's not expected.

Comment 5

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

This is not a native behavior of GTK2. We should use the new behavior only on GTK3 build.

Comment 6

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

Attachment: Patch

Comment 7

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

Comment on attachment 8358363 [details] [diff] [review]
Patch

This patch work fine with GTK 3.6+ on desktop environment.

However, as I wrote the comment in this patch, this patch may have some problem on tablet devices. However, Linux tablet doesn't have a big share. So, until somebody reports actual problem of this patch's behavior, we should wait.

By this patch makes CJK users inconvinient on GTK 3.0.x - 3.5.x. However, current major distributions use GTK 3.6+. So, such rare users should change the pref added by this patch.

Comment 8

[Karl Tomlinson (:karlt)]

Comment on attachment 8358363 [details] [diff] [review]
Patch

>+bool nsGtkIMModule::sUseSimpleContext = kUseSimpleContextDefault;

Please don't initialize here as this value won't be used before being
overwritten in the object constructor.

Comment 9

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

https://hg.mozilla.org/integration/mozilla-inbound/rev/64bf5ddbf754

Comment 10

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/64bf5ddbf754

Comment 11

[Yohei Yukawa]

(In reply to Masayuki Nakano (:masayuki) (Mozilla Japan) from comment #7)
> By this patch makes CJK users inconvinient on GTK 3.0.x - 3.5.x. However,
> current major distributions use GTK 3.6+. So, such rare users should change
> the pref added by this patch.

Just FYI, we might want to care about not only the version of GTK+ but also
the the version of input method frameworks and the version of input methods.

As far as I've investigated, users has to update IMF and IMEs to following
versions.

IMF:
- IBus 1.5.4 and later
- fcitx 4.2.7 and later

IME (for IBus):
- ibus-anthy 1.5.4 and later
- ibus-chewing 1.4.4 and later
- ibus-mozc 1.12.1599.102 and later
- ibus-pinyin ibus-pinyin-1.5.0-5 and later

Forgive me if my investigation was wrong.

Here is the case of Gnome Shell, where the password field relies on
GTK_INPUT_PURPOSE_PASSWORD.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4509
https://bugzilla.novell.com/show_bug.cgi?id=847718

Hope this helps.