New issue
Advanced search Search tips

Issue 633263 link

Starred by 2 users
Status: Fixed
Owner: ----
Closed: Mar 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Improve form identification for password generation

Project Member Reported by dvadym@chromium.org, Aug 1 2016 
Currently in order to identify a form in password_generation_agent.cc, the following structure is used

struct PasswordFormGenerationData {
  // The name of the form.
  base::string16 name;

  // The action target of the form; this URL consists of the scheme, host, port
  // and path; the rest is stripped.
  GURL action;

  // Field in which password should be generated.
  FormFieldData generation_field;
};

And if a page has more than one form with the same name and action the first form will be taken for generation. The example is a page https://torrentz.eu/profile which contains both sign-in and sign-up forms, with the same name and action and since sign-in forms is the first in DOM, generation pop-up is shown on it. 

One of the possible simple solution is to check number of fields for forms identification.

Comment 1 by vabr@chromium.org, Aug 5 2016

Labels: Hotlist-Polish

Comment 2 by kolos@chromium.org, Mar 9 2017

Status: Fixed (was: Available)
This CL (https://codereview.chromium.org/2318533002/) implemented signature-based matching. Theoretically, collisions are still possible, but to mitigate them we need another signature and server-side processing.

Sign in to add a comment