Closed Bug 997685 Opened 8 years ago Closed 8 years ago
Password manager wrongly saves empty user names with passwords and wrongly populates these saved passwords
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 Steps to reproduce: Use this self explaining jsfiddle to reproduce: http://jsfiddle.net/tpA2h/show/ Actual results: Wrong: A password with EMPTY username gets saved. Wrong: This password is popuplated for ALL password fields on the same domain. Expected results: First: An [EMPTY user name]/[password] combination should NEVER be saved in the password manager. There should always be a combination of a textfield BEFORE a password field (which both should have a non-empty name attribute) to allow to save a username/password. Second: The password manager should never populate a password field if there is no textfield in FRONT of it to choose a username from. Why? See the jsfiddle for explanation. Google Chrome for example always has a username in the password manager, it never saves an empty user name! And there always has to be an textfield BEFORE a password field which both have a non-empty name attribute to be able to save a username/password. Also there always has to be an textfield BEFORE a password field to choose/pre-populate a username/password combination.
Similar (but not duplicate): Bug 585591
Component: General → Password Manager
Product: Firefox → Toolkit
Firefox's password manager is explicitly designed to support this. Not every login has a username (mailman being the unfortunate canonical example), and sometimes pages will have a password field without a username field, if the site has remembered you previously (Eg, via cookie). Google's old login pages did this when they wanted you to re-authenticate.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.