Starred by 10 users

Issue metadata

Status: Fixed
Owner:
Closed: Aug 2010
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Regression
M-6

Restricted
  • Only users with EditIssue permission may comment.




Issue 52940: Auto Complete Failed

Reported by kohy...@gmail.com, Aug 21 2010

Issue description

Chrome Version       : 6.0.472.41
URLs (if applicable) : mail.google.com
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
     Safari 4: Ok
  Firefox 3.x: Ok
         IE 7: Ok
         IE 8: Ok

What steps will reproduce the problem?
1. Just go to Gmail
2. Test the Auto Complete in Subject
3.

What is the expected result?
Starting with version 6, Chrome can't remember anything typed before.

What happens instead?
Didn't show any Auto Complete suggestions.

Please provide any additional information below. Attach a screenshot if
possible.
 

Comment 1 by annapop@chromium.org, Aug 21 2010

Labels: Feature-Autofill
Can you please verify that in Wrench -> Preferences -> Personal Stuff -> [AutoFill preferences], Autofill is enabled.

Comment 2 by kohy...@gmail.com, Aug 30 2010

No, it is not related to Autofill.
It is Auto Complete, where the browser should remember what we've typed previously, for example in the Gmail subject line.

Comment 3 by kohy...@gmail.com, Aug 30 2010

For example, if "Apple" was typed previously, the next time "A" is typed it should suggest "Apple" as an Auto Complete.
But Chrome 6 has a bug here; it remembers nothing.

Comment 4 by songchro...@gmail.com, Aug 31 2010

Labels: -Pri-2 -Area-Undefined Pri-1 Area-UI Regression Mstone-6 ReleaseBlock-Stable OS-All 472-TopIssues
It happens on Chrome742.51/ WinXP/ Ubuntu9.04

Comment 5 by sunandt@chromium.org, Aug 31 2010

Status: Untriaged
I had 5.0.375.127 and over installed with 6.0.472.51.

Looks like the suggestions from 5.0 get migrated but the autocomplete suggestions from 6.0 don't show up. Might be related to issue 49980.

Comment 6 by mal@google.com, Aug 31 2010

Status: Assigned
I can repro by starting chrome 6.0.472.51 with a clean profile (--user-data-dir="%temp%\fillit") on Vista.

Open gmail.
Type an email, with subject "This is a test". Send it.
Start a second email. Type "T" in the Subject line.

EXPECTED:
Autocomplete suggestion: [This is a test]

ACTUAL:
No autocomplete suggestions at all.

NOTE:
I do get autocomplete suggestions on other forms such as the internal wiki search box and the google account login "email" field that I used to log into Gmail.

Comment 7 by kohy...@gmail.com, Aug 31 2010

One of my notebooks does not even get autocomplete suggestions at the Google account login "email" field that I used to log into Gmail.
But I wonder why my other 2 desktops, which have the same specification conditions, don't have this issue.

Comment 8 by sunandt@chromium.org, Aug 31 2010

kohyung, Could you please check what Chrome version(about:version) you have on those machines? What OS do these machines have?

Comment 9 by davidben@chromium.org, Aug 31 2010

I bisected the continuous builds (on Linux). It appears to have been introduced somewhere between r55534 and r55678.

http://build.chromium.org/buildbot/continuous/linux/2010-08-09/55534/
http://build.chromium.org/buildbot/continuous/linux/2010-08-10/55678/

A thought: If it's unrelated to unusual attributes on Gmail's subject field, could it perhaps be something funny with how the form is submitted?

Comment 10 by davidben@chromium.org, Aug 31 2010

r55626 looks promising.

http://crrev.com/55626

Comment 11 by songchro...@gmail.com, Aug 31 2010

The issue starts to happen on 6.0.472.36 (Official Build 55963). It works fine until 6.0.472.33 (Official Build 55501).

Comment 12 by jcivelli@chromium.org, Aug 31 2010

I confirm r55626 is causing the regression.
GMail must be submitting the form from JavaScript and that CL causes
us not to store the email subject for Autocomplete.
When I remove r55626, it works again.

Jay

Comment 13 by mal@google.com, Aug 31 2010

http://crrev.com/55626 looks like a winner.

It was merged to the 472 branch at http://crrev.com/55661, which would have first been released in 472.36.

From inferno: Not store autocomplete entries in DB for forms submitted using javascript. Fixes  issue 51727 

Comment 14 by sunandt@chromium.org, Aug 31 2010

 Issue 53567  has been merged into this issue.

Comment 15 by sunandt@chromium.org, Aug 31 2010

This is happening on Google Help Forums as well.

Comment 16 by infe...@chromium.org, Aug 31 2010

Looking into it.

Comment 17 by infe...@chromium.org, Aug 31 2010

I just copied from our fix in autofill and autofill will be equally affected - http://src.chromium.org/viewvc/chrome?view=rev&revision=53686. James, looks like we had some confusion here, I had recommended hooking up with UserGestureIndicator, and instead we just looked at the javascript submission trigger in http://code.google.com/p/chromium/issues/detail?id=48225.

Rethinking on this, this security issue might not be fixable since the submit button on such complex sites might not be the submit button in the form and they will just use javascript to submit the form. So, autocomplete or autofill will not have a way to make this distinction. What do you think? Looks like we would need to take back these two bug fixes. There are two issues:
1) The autofill bug was significant, since an attacker can mess the entire autofill UI with junk entries and even cause a browser DOS.
2) The autocomplete bug is OK since we do have a max restriction on how many entries can go for each field. However, it is still easy spam. It is in public - http://jeremiahgrossman.blogspot.com/2010/07/in-firefox-we-cant-read-auto-complete.html

Can someone try autofill on a Google Checkout site and see if it works? If the form is simple, it will. Otherwise, it will be broken like autocomplete.

Comment 18 by infe...@chromium.org, Aug 31 2010

An urgent plan of action:
1) Remove the following fixes from 472
a) http://src.chromium.org/viewvc/chrome?view=rev&revision=55661 - Not store autocomplete entries in DB for forms submitted using javascript.
b) http://src.chromium.org/viewvc/chrome?view=rev&revision=55662 - Unittest fix. Need to put usersubmitted = true for unittests
c) http://src.chromium.org/viewvc/chrome?view=rev&revision=53686 - AutoFill: Record whether the user initiated the form submission and don't save form data if the form was not user-submitted. [This one is bad from a security perspective, I am sad because someone will discover it sooner or later]

2) Reopen the security bugs - 48225, 51727

3) Use UserGestureIndicator when user types in any one of the form fields. Looks like we cannot rely on submit button for complex sites. Need to run the suggestion through Adam. If he agrees, then James can fix it in webkit first and then pick up in chrome.

James, David, what do you think?

Comment 19 by bugdro...@gmail.com, Aug 31 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=58038 

------------------------------------------------------------------------
r58038 | inferno@chromium.org | 2010-08-31 12:16:51 -0700 (Tue, 31 Aug 2010) | 11 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/472/src/chrome/browser/autocomplete_history_manager.cc?r1=58038&r2=58037

Revert 55661 - Merge 55626 - Not store autocomplete entries in DB for forms submitted using javascript.

BUG= 51727 , 52940 

Review URL: http://codereview.chromium.org/3149003

TBR=inferno@chromium.org
Review URL: http://codereview.chromium.org/3145007

TBR=inferno@chromium.org
Review URL: http://codereview.chromium.org/3286006
------------------------------------------------------------------------

Comment 20 by bugdro...@gmail.com, Aug 31 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=58039 

------------------------------------------------------------------------
r58039 | inferno@chromium.org | 2010-08-31 12:18:11 -0700 (Tue, 31 Aug 2010) | 11 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/472/src/chrome/browser/autocomplete_history_manager_unittest.cc?r1=58039&r2=58038

Revert 55662 - Merge 55632 - Unittest fix. Need to put usersubmitted = true for unittests.

BUG= 51727 , 52940 

Review URL: http://codereview.chromium.org/3151006

TBR=inferno@chromium.org
Review URL: http://codereview.chromium.org/3110007

TBR=inferno@chromium.org
Review URL: http://codereview.chromium.org/3276006
------------------------------------------------------------------------

Comment 22 by bugdro...@gmail.com, Aug 31 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=58049 

------------------------------------------------------------------------
r58049 | inferno@chromium.org | 2010-08-31 12:42:34 -0700 (Tue, 31 Aug 2010) | 35 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/472/WebCore/html/HTMLFormElement.cpp?r1=58049&r2=58048
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/472/WebCore/html/HTMLFormElement.h?r1=58049&r2=58048
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/472/WebKit/chromium/public/WebFormElement.h?r1=58049&r2=58048
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/472/WebKit/chromium/src/WebFormElement.cpp?r1=58049&r2=58048

Revert 53685 - Merge 63786 - 2010-07-16  James Hawkins  <jhawkins@chromium.org>

        Reviewed by Darin Fisher.

        [Chromium] Implement WebFormElement::wasUserSubmitted(). This is used to
        verify that the user submitted the form instead of JS when saving form
        data in AutoFill.
        https://bugs.webkit.org/show_bug.cgi?id=42479

        * public/WebFormElement.h:
        * src/WebFormElement.cpp:
        (WebKit::WebFormElement::wasUserSubmitted):
2010-07-16  James Hawkins  <jhawkins@chromium.org>

        Reviewed by Darin Fisher.

        Expose the form submission trigger on the HTMLFormElement object. This
        is used to verify that the user submitted the form instead of JS when
        saving form data in Chrome AutoFill.
        https://bugs.webkit.org/show_bug.cgi?id=42479

        No new tests as this is only used by the Chromium WebKit API.

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::HTMLFormElement):
        (WebCore::HTMLFormElement::submit):
        (WebCore::HTMLFormElement::reset):
        (WebCore::HTMLFormElement::submissionTrigger):
        * html/HTMLFormElement.h:

BUG= 48225 , 52940 

Review URL: http://codereview.chromium.org/2881040

Review URL: http://codereview.chromium.org/3215013
------------------------------------------------------------------------

Comment 23 by bugdro...@gmail.com, Aug 31 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=58052 

------------------------------------------------------------------------
r58052 | inferno@chromium.org | 2010-08-31 12:54:02 -0700 (Tue, 31 Aug 2010) | 38 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/472/WebCore/html/HTMLFormElement.cpp?r1=58052&r2=58051
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/472/WebCore/html/HTMLFormElement.h?r1=58052&r2=58051
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/472/WebKit/chromium/public/WebFormElement.h?r1=58052&r2=58051
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/472/WebKit/chromium/src/WebFormElement.cpp?r1=58052&r2=58051

Revert 58049 - Revert 53685 - Merge 63786 - 2010-07-16  James Hawkins  <jhawkins@chromium.org>

        Reviewed by Darin Fisher.

        [Chromium] Implement WebFormElement::wasUserSubmitted(). This is used to
        verify that the user submitted the form instead of JS when saving form
        data in AutoFill.
        https://bugs.webkit.org/show_bug.cgi?id=42479

        * public/WebFormElement.h:
        * src/WebFormElement.cpp:
        (WebKit::WebFormElement::wasUserSubmitted):
2010-07-16  James Hawkins  <jhawkins@chromium.org>

        Reviewed by Darin Fisher.

        Expose the form submission trigger on the HTMLFormElement object. This
        is used to verify that the user submitted the form instead of JS when
        saving form data in Chrome AutoFill.
        https://bugs.webkit.org/show_bug.cgi?id=42479

        No new tests as this is only used by the Chromium WebKit API.

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::HTMLFormElement):
        (WebCore::HTMLFormElement::submit):
        (WebCore::HTMLFormElement::reset):
        (WebCore::HTMLFormElement::submissionTrigger):
        * html/HTMLFormElement.h:

BUG= 48225 , 52940 

Review URL: http://codereview.chromium.org/2881040

Review URL: http://codereview.chromium.org/3215013

TBR=inferno@chromium.org
Review URL: http://codereview.chromium.org/3279009
------------------------------------------------------------------------

Comment 24 by bugdro...@gmail.com, Aug 31 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=58053 

------------------------------------------------------------------------
r58053 | inferno@chromium.org | 2010-08-31 12:55:58 -0700 (Tue, 31 Aug 2010) | 15 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/472/src/chrome/browser/autofill/autofill_manager.cc?r1=58053&r2=58052
   M http://src.chromium.org/viewvc/chrome/branches/472/src/chrome/browser/autofill/form_structure.cc?r1=58053&r2=58052
   M http://src.chromium.org/viewvc/chrome/branches/472/src/chrome/browser/autofill/form_structure_unittest.cc?r1=58053&r2=58052
   M http://src.chromium.org/viewvc/chrome/branches/472/src/chrome/common/render_messages.h?r1=58053&r2=58052
   M http://src.chromium.org/viewvc/chrome/branches/472/src/chrome/renderer/form_manager.cc?r1=58053&r2=58052
   M http://src.chromium.org/viewvc/chrome/branches/472/src/webkit/glue/form_data.h?r1=58053&r2=58052

Revert 58044 - Revert 53686 - Merge 53350 - AutoFill: Record whether the user initiated the form submission and don't save form data if the form was not user-submitted.

BUG= 48225 , 52940 
TEST=none

Review URL: http://codereview.chromium.org/2842062

TBR=jhawkins@chromium.org
Review URL: http://codereview.chromium.org/3063008

TBR=inferno@chromium.org
Review URL: http://codereview.chromium.org/3251007

TBR=inferno@chromium.org
Review URL: http://codereview.chromium.org/3258008
------------------------------------------------------------------------

Comment 25 by infe...@chromium.org, Aug 31 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=58054 

------------------------------------------------------------------------
r58054 | inferno@chromium.org | 2010-08-31 13:03:09 -0700 (Tue, 31 Aug 2010) | 5 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/472/src/chrome/browser/autofill/autofill_manager.cc?r1=58054&r2=58053

Remove javascript form submission security check until further analysis.

BUG= 48225 

Review URL: http://codereview.chromium.org/3287006

Comment 26 by infe...@chromium.org, Aug 31 2010

Both Autofill and Autocomplete are fixed now with the last checkin, 58054. Tested on linux 472.

Comment 27 by jcivelli@chromium.org, Aug 31 2010

I am not familiar with the actual security issue, but I agree:
requiring form posts to be user initiated is not going to be an
option.
When looking in the debugger, it appears that the form submission in
the "send email" case in GMail is done with a setTimeout.
Like you say, many other sites might be doing things similarly.

Jay

Comment 28 by infe...@chromium.org, Aug 31 2010

Jay, I can only think of one fix (which I will probably be pursuing with David), which is: if the user types in any of the form fields, that will initiate a usergesture and we make decisions based on that.

We can close this bug since security bugs are reopened and I will track the security fixes from there.
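
The trade-off worked out in comments 12, 17, 27 and 28, as an added model that is not Chromium code and not part of the original thread: it compares storing every submission, storing only user-triggered submits (the reverted check), and storing when the user typed into a field (the proposal in comment 28). All identifiers and sample submissions are hypothetical and constructed for illustration.

```javascript
// Added model, not Chromium code. All identifiers here are hypothetical.

// Constructed submissions. `trigger` is how the submit was reached;
// `userTyped` marks fields that received real keyboard input.
const SUBMISSIONS = [
  { name: "simple-login", trigger: "user",
    fields: [{ name: "email", value: "a@example.test", userTyped: true }] },
  // Webmail-style compose form: the user types the subject, but the page
  // submits the form from a timer callback, so the trigger is script.
  { name: "webmail-compose", trigger: "script",
    fields: [{ name: "subject", value: "This is a test", userTyped: true }] },
  // Page script fills and submits a form with no user involvement.
  { name: "scripted-junk", trigger: "script",
    fields: [{ name: "subject", value: "junk-0001", userTyped: false }] },
];

const POLICIES = {
  // Store everything that is submitted.
  storeAll: () => true,
  // Store only when the submit action itself came from the user.
  submitTrigger: (sub) => sub.trigger === "user",
  // Store when the user typed into at least one field of the form.
  typedGesture: (sub) => sub.fields.some((f) => f.userTyped),
};

// Names of the submissions whose values would reach the autocomplete
// store under the given policy.
function storedUnder(policyName, submissions = SUBMISSIONS) {
  const allow = POLICIES[policyName];
  if (!allow) throw new Error(`unknown policy: ${policyName}`);
  return submissions.filter((s) => allow(s)).map((s) => s.name);
}

// Reports the two failure modes from the thread: typed input that is
// dropped (the regression) and script-only input that is kept (the spam).
function assess(policyName, submissions = SUBMISSIONS) {
  const stored = new Set(storedUnder(policyName, submissions));
  const dropsTyped = submissions
    .filter((s) => s.fields.some((f) => f.userTyped) && !stored.has(s.name))
    .map((s) => s.name);
  const keepsScripted = submissions
    .filter((s) => s.fields.every((f) => !f.userTyped) && stored.has(s.name))
    .map((s) => s.name);
  return { dropsTyped, keepsScripted };
}

for (const policy of Object.keys(POLICIES)) {
  console.log(policy, JSON.stringify(assess(policy)));
}
```

The typed-input policy is modelled per form, as comment 28 words it; a form where the user typed one field and script filled the rest would still be stored whole under this model.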

Comment 29 by infe...@chromium.org, Aug 31 2010

Status: Fixed
QA team, please don't test it on trunk; that is the reason you are getting different results. The changes are only reverted on 472 which is going to be v6.

Comment 30 by galle...@gmail.com, Sep 2 2010

After updating to 6.0.472.53, my autofill problem on Google Help Groups remains. I describe my situation in Issue 53567, which was merged into this one.

Comment 31 by infe...@chromium.org, Sep 2 2010

I don't think the fix is pushed yet. Kerz, it will be pushed next week, right?

Comment 32 by kohy...@gmail.com, Sep 3 2010

Just verified that it is not yet solved in 6.0.472.53.

Comment 33 by galle...@gmail.com, Sep 3 2010

So Google updated the stable version from 5 to 6 without fixing the autofill problem? In version 5, autofill worked. Now the stable channel has a non-working autofill on Gmail and Google Help websites.

Comment 34 by kohy...@gmail.com, Sep 3 2010

Doing this like Stable version = Unstable/Beta version.

Comment 35 by sunandt@chromium.org, Sep 3 2010

It's already fixed. Update is coming soon.

Comment 36 by venkataramana@chromium.org, Sep 3 2010

Status: Verified
Build: 6.0.472.55
OS: XP

Comment 37 by galle...@gmail.com, Sep 8 2010

Yes, it is build 6.0472.55. Thank you! But the fix is not in Dev version 7.0.503.0. So when Dev version comes to beta or stable version, I hope it does not overwrite what is already fixed.

Comment 38 by infe...@chromium.org, Sep 8 2010

@galler96, we haven't reverted the fix from 7.0 Dev channel. We are tracking to fix the issue properly through webkit bug - https://bugs.webkit.org/show_bug.cgi?id=45128. And David is actively working on it. Before v7 stable goes out, we will make sure to fix it.

Comment 39 by dhollowa@chromium.org, Sep 10 2010

Status: Fixed
WebKit fix submitted. Marking this bug fixed (pending WebKit CL landing and roll).

https://bugs.webkit.org/show_bug.cgi?id=45128

Note, this applies to 7.0 dev channel only.  I'm remarking fixed so QE can verify there once the WebKit patch lands.

Comment 40 by jhawkins@chromium.org, Sep 14 2010

 Issue 55335  has been merged into this issue.

Comment 41 by lafo...@chromium.org, Mar 18 2011

Labels: -Regression bulkmove Type-Regression

Comment 42 by mal@google.com, Jun 28 2011

Cc: security-bug-mail@chromium.org

Comment 43 by bugdroid1@chromium.org, Oct 13 2012

Project Member
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.

Comment 44 by bugdroid1@chromium.org, Mar 9 2013

Project Member
Labels: -Area-UI -Feature-Autofill -Mstone-6 -Type-Regression Type-Bug-Regression M-6 Cr-UI Cr-UI-Browser-Autofill

Comment 45 by bugdroid1@chromium.org, Mar 13 2013

Project Member
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
