New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 7 users
Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug



Sign in to add a comment
Emoji in password fields appear as two bullets
Reported by jleedev@gmail.com, May 11 2015 Back to list
UserAgent: Mozilla/5.0 (X11; CrOS x86_64 6946.38.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.52 Safari/537.36
Platform: 6946.38.0 (Official Build) beta-channel panther

Example URL:

Steps to reproduce the problem:
<input type=password value=
 
Screenshot 2015-05-11 at 16.13.27.png
8.5 KB View Download
Comment 1 by tkent@chromium.org, Jul 10 2015
Labels: -Cr-Content Cr-Blink-Layout Cr-Blink-Fonts-Emoji
Comment 2 by i.am....@gmail.com, Jul 23 2015
This is more than likely due to the fact emojis are usually three bytes long. I could believe it if someone said the first two bytes are being used as a wide character and the third (and fourth) is/are being used as a second character, but that's just speculation.
Cc: jchaffraix@chromium.org
Labels: -Pri-2 -OS-Chrome Pri-3 OS-All
Status: Available
On Linux, I am seeing 4 bullet points, which would point to Chrome using the UTF-8 encoded string as its individual bytes component. This is speculative only as I didn't dig into the actual bug.
Project Member Comment 4 by sheriffbot@chromium.org, Nov 30 2016
Labels: Hotlist-Recharge-Cold
Status: Untriaged
This issue has been available for more than 365 days, and should be re-evaluated. Please re-triage this issue.
The Hotlist-Recharge-Cold label is applied for tracking purposes, and should not be removed after re-triaging the issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 5 by e...@chromium.org, Dec 2 2016
Cc: -jchaffraix@chromium.org
Components: -Blink>Fonts>Emoji -Blink>Layout Blink>Forms>Password
Shows one per UChar, doesn't handle surrogate pairs let alone modifiers correctly.
Comment 6 by tkent@chromium.org, Dec 4 2016
Components: Blink>Layout
Labels: -Hotlist-Recharge-Cold
This is an issue of LayoutText.

Comment 7 by e...@chromium.org, Dec 5 2016
Cc: drott@chromium.org kojii@chromium.org
Status: Available
Comment 8 by tkent@chromium.org, Dec 5 2016
Labels: Hotlist-GoodFirstBug
Owner: qyears...@chromium.org
Status: Fixed
Project Member Comment 11 by bugdroid1@chromium.org, Aug 11
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d280c9c1fd90b3e85249092452c6cfa2fff48340

commit d280c9c1fd90b3e85249092452c6cfa2fff48340
Author: Quinten Yearsley <qyearsley@google.com>
Date: Fri Aug 11 18:08:50 2017

Revert "In password fields, show one dot per grapheme cluster."

This reverts commit 7d0f75c321cae8a33f60fd291157d4c5d3fa9d01.

Reason: This change introduced a potential security risk,
wherein inserting particular strings of characters into a
text field could cause a DCHECK failure in
TextRunConstructor.cpp.

It should be relanded once it can be verified that it
doesn't cause a problem like  https://crbug.com/751193 .

Bug:  751193 , 486880
Change-Id: Iaa0c603ec1ee53fc3d093e392b2a27b778f8bb94
Reviewed-on: https://chromium-review.googlesource.com/611387
Reviewed-by: Emil A Eklund <eae@chromium.org>
Commit-Queue: Emil A Eklund <eae@chromium.org>
Cr-Commit-Position: refs/heads/master@{#493809}
[delete] https://crrev.com/0f2c5ddcaba532562888e6effb626c64b9064b4b/third_party/WebKit/LayoutTests/fast/forms/password-length-emoji-expected.html
[delete] https://crrev.com/0f2c5ddcaba532562888e6effb626c64b9064b4b/third_party/WebKit/LayoutTests/fast/forms/password-length-emoji.html
[modify] https://crrev.com/d280c9c1fd90b3e85249092452c6cfa2fff48340/third_party/WebKit/Source/core/layout/LayoutText.cpp

Status: Assigned
The change r482483 appeared to have caused a couple of security issues:
   bug 751193 
   bug 750066 

It should be relanded if this can be done without causing those issues.
Cc: kkaluri@chromium.org
Labels: Needs-Feedback
Tested this issue on Windows 10, mac 10.12.6 and Ubuntu 14.04 with chrome #62.0.3185.0 

Steps followed :
1. Created a html file with code 
   <html>
   <input type = "password" value>
   </html>
2. Loaded the test file
3. Copied the emoji icon from "https://en.wikipedia.org/wiki/Emoji" page

Case 1: 
Pasted emoji icon in the devtools -> Password field and observed the 2 dots in the password field.

Case 2:
Pasted emoji icon in the password field and observed 2 dots in the password field.

Attaching the screencast for reference. 

Note: in the Ubuntu machine, for both cases i have observed 3 dots in the password field.

qyearsley@ Could you please look into it and let us know any steps i have missed while reproducing the issue.

Thank You...
486880.mp4
1.5 MB View Download
Just to Update, in the Mac and Ubuntu machine, for both cases i have observed 3 dots in the password field.
              
Cc: yosin@chromium.org
It's not very clear from the  issue 751193  that the cause is in the line breaker (layout) or in execCommand (editing), but our support for when the length of DOM text does not match to the length of LayoutText is poor in editing/selection. This has been an issue for a long time (I believe we have an old bug in editing, yosin@ might know the issue number.)

It's unfortunate this simple good change hits the old bug, but if it's the case, the only thing we could do is to track down all such cases and fix them. LayoutNG should do better in its foundation, but as far as I know, we don't have a grand plan to fix this case. yosin@?
Cc: -yosin@chromium.org
kkaluri: Sounds like you reproduced it correctly. The current status of this issue is: There was a fix (#9) but it caused security issues and was reverted (#11).
Project Member Comment 18 by bugdroid1@chromium.org, Aug 14
Labels: merge-merged-3163
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f83b3fa59417998a87c4ea62cda4b893de690532

commit f83b3fa59417998a87c4ea62cda4b893de690532
Author: Quinten Yearsley <qyearsley@google.com>
Date: Mon Aug 14 20:36:19 2017

Revert "In password fields, show one dot per grapheme cluster."

This reverts commit 7d0f75c321cae8a33f60fd291157d4c5d3fa9d01.

Reason: This change introduced a potential security risk,
wherein inserting particular strings of characters into a
text field could cause a DCHECK failure in
TextRunConstructor.cpp.

It should be relanded once it can be verified that it
doesn't cause a problem like  https://crbug.com/751193 .

TBR=qyearsley@google.com

(cherry picked from commit d280c9c1fd90b3e85249092452c6cfa2fff48340)

Bug:  751193 , 486880
Change-Id: Iaa0c603ec1ee53fc3d093e392b2a27b778f8bb94
Reviewed-on: https://chromium-review.googlesource.com/611387
Reviewed-by: Emil A Eklund <eae@chromium.org>
Commit-Queue: Emil A Eklund <eae@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#493809}
Reviewed-on: https://chromium-review.googlesource.com/614397
Reviewed-by: Quinten Yearsley <qyearsley@chromium.org>
Cr-Commit-Position: refs/branch-heads/3163@{#552}
Cr-Branched-From: ff259bab28b35d242e10186cd63af7ed404fae0d-refs/heads/master@{#488528}
[delete] https://crrev.com/d8be0b2d6059b892ee8b7e1209bfbe5ecce8021e/third_party/WebKit/LayoutTests/fast/forms/password-length-emoji-expected.html
[delete] https://crrev.com/d8be0b2d6059b892ee8b7e1209bfbe5ecce8021e/third_party/WebKit/LayoutTests/fast/forms/password-length-emoji.html
[modify] https://crrev.com/f83b3fa59417998a87c4ea62cda4b893de690532/third_party/WebKit/Source/core/layout/LayoutText.cpp

Cc: yosin@chromium.org
Tested the issue using #61.0.3163.49 on Win 10, Mac 10.12.6 and Linux Ubuntu 14.04 as per the steps mentioned in comment #14. Still observing the same behavior (Observed 2 bullets in password field).

Please find the screencast for the same.

@qyearsley: Could you please confirm the behavior.

Thanks!!
Aug 16 2017 4-01 PM.webm
6.3 MB View Download
Cc: qyears...@chromium.org
Labels: -Needs-Feedback
Owner: ----
Status: Available
sandeepkumars@: Yes, you're correct, we're still observing the incorrect behavior (two bullets in password field), because the fix was reverted for security reasons. See above comments in this thread. There's no need to continue trying to reproduce this.

Unassigning since I'm not current working on this now.
Cc: mgiuca@chromium.org
 Issue 758794  has been merged into this issue.
Cc: pbos@chromium.org jdufault@chromium.org
Sign in to add a comment