Closed
Bug 997685
Opened 10 years ago
Closed 10 years ago
Password manager wrongly saves empty user names with passwords and wrongly populates these saved passwords
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: m.kurz, Unassigned)
References
()
Details
(Keywords: testcase)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 Steps to reproduce: Use this self explaining jsfiddle to reproduce: http://jsfiddle.net/tpA2h/show/ Actual results: Wrong: A password with EMPTY username gets saved. Wrong: This password is popuplated for ALL password fields on the same domain. Expected results: First: An [EMPTY user name]/[password] combination should NEVER be saved in the password manager. There should always be a combination of a textfield BEFORE a password field (which both should have a non-empty name attribute) to allow to save a username/password. Second: The password manager should never populate a password field if there is no textfield in FRONT of it to choose a username from. Why? See the jsfiddle for explanation. Google Chrome for example always has a username in the password manager, it never saves an empty user name! And there always has to be an textfield BEFORE a password field which both have a non-empty name attribute to be able to save a username/password. Also there always has to be an textfield BEFORE a password field to choose/pre-populate a username/password combination.
Similar (but not duplicate): Bug 585591
Updated•10 years ago
|
Comment 2•10 years ago
|
||
Firefox's password manager is explicitly designed to support this. Not every login has a username (mailman being the unfortunate canonical example), and sometimes pages will have a password field without a username field, if the site has remembered you previously (Eg, via cookie). Google's old login pages did this when they wanted you to re-authenticate.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•