Credit card field allows autocomplete of bad data |
|||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 Steps to reproduce the problem: 1. I typed a credit card number in a credit card field, but I accidentally mistyped 0233 as 0023. 2. From then on, returning to the page and beginning to type my number would offer to autocomplete the full, 16-digit, *incorrect* card number. Note that once I successfully saved a card, this field began to offer to autofill my known card. After I typed 5 digits, that autofill option went away, and the 16-digit incorrect number STILL stayed as an autocomplete option. What is the expected behavior? Chrome does not offer autocomplete on credit card fields What went wrong? Chrome saved a 16-digit number (that does NOT pass a Luhn check) as an autocomplete suggestion on a credit card field Did this work before? N/A Chrome version: 52.0.2714.0 Channel: canary OS Version: Windows 8.1 Flash Version:
,
Apr 21 2016
,
Apr 21 2016
Can you please CC jdonnelly@ on this bug (per his request)? Thank you.
,
Apr 22 2016
,
Apr 22 2016
mathp, don't we have logic to prevent autocomplete (as opposed to autofill) from filling fields classified as credit card numbers?
,
Apr 22 2016
jsaul, why Restrict-View-SecurityTeam? Saving credit card data, whether correct or incorrect, is something we normally do.
,
Apr 22 2016
seems reasonable to me to disable Autocomplete on credit card fields.
,
Apr 22 2016
+Zach
,
Apr 22 2016
Sorry jdonnelly, it happened automatically when I picked the Security category. I guess UI or Sync might have been better choices, but since Chrome keeps blatantly displaying 16-digit numbers that are 1 digit off from my real card, it felt like a user-security thing.
,
Apr 26 2016
,
Apr 27 2016
(removing RVG) I agree that if heuristics (or server) detect it to be a credit card field, we shouldn't store in autocomplete.
,
Apr 27 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1b3eeb653a354261f820bab9658c746efe5e8cde commit 1b3eeb653a354261f820bab9658c746efe5e8cde Author: mathp <mathp@chromium.org> Date: Wed Apr 27 16:47:16 2016 [Autofill] Do not show Autocomplete suggestions for credit card fields. BUG=605680 TEST=AutofillManagerTest Review-Url: https://codereview.chromium.org/1920863006 Cr-Commit-Position: refs/heads/master@{#390104} [modify] https://crrev.com/1b3eeb653a354261f820bab9658c746efe5e8cde/components/autofill/core/browser/autofill_manager.cc [modify] https://crrev.com/1b3eeb653a354261f820bab9658c746efe5e8cde/components/autofill/core/browser/autofill_manager.h [modify] https://crrev.com/1b3eeb653a354261f820bab9658c746efe5e8cde/components/autofill/core/browser/autofill_manager_unittest.cc
,
Apr 27 2016
The most crucial part is done, but there is still work to do: not saving Autocomplete info if the field is a CC field. After the patch in #c12 we will only not recall it.
,
Jun 2 2016
,
Jun 2 2017
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 2 2017
,
Jun 6 2017
,
Jun 19 2017
,
Aug 3
This bug has an owner, thus, it's been triaged. Changing status to "assigned". |
|||||||||||||||
►
Sign in to add a comment |
|||||||||||||||
Comment 1 by vakh@chromium.org
, Apr 21 2016Labels: -Type-Bug-Security Type-Bug