Issue 648509 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	karandeepb@chromium.org
Closed:	Sep 2016
Components:	Internals>Views UI>Input>Text
EstimatedDays:	----
NextAction:	----
OS:	Mac
Pri:	2
Type:	Bug
Proj-MacViews

Views::Textfield: Yank on Mac can reveal password text.

Project Member Reported by karandeepb@chromium.org, Sep 20 2016

Issue description

Version: 55.0.2862
OS: Mac

What steps will reproduce the problem?
(1) Enable chrome://flags/#mac-views-webui-dialogs.
(2) Go to https://www.httpwatch.com/httpgallery/authentication/. Scroll down and click on Display Image button to launch an HTTP auth dialog.
(3) Enter some text in the password textfield.
(4) Press Command + Backspace to delete text from the cursor to the beginning.
(5) Focus on the User name textfield.
(6) Press Ctrl+Y to Yank text.

What is the expected output?
No text should be yanked into the User name textfield. Deletion in a password textfield should not modify the kill buffer.

What do you see instead?
The deleted text is yanked into the password textfield.

Version: 55.0.2862
OS: Mac

What steps will reproduce the problem?
(1) Enable chrome://flags/#mac-views-webui-dialogs.
(2) Go to https://www.httpwatch.com/httpgallery/authentication/. Scroll down and click on Display Image button to launch an HTTP auth dialog.
(3) Enter some text in the password textfield.
(4) Press Command + Backspace to delete text from the cursor to the beginning.
(5) Focus on the User name textfield.
(6) Press Ctrl+Y to Yank text.

What is the expected output?
No text should be yanked into the User name textfield. Deletion in a password textfield should not modify the kill buffer.

What do you see instead?
The deleted text from the password textfield is yanked into the user name textfield.

Comment 1 Deleted

Comment 2 by karandeepb@chromium.org, Sep 20 2016

Description: Show this description

Project Member

Comment 3 by bugdroid1@chromium.org, Sep 21 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/27bac7b1a96717471167acd71d9d8aa5624fa904

commit 27bac7b1a96717471167acd71d9d8aa5624fa904
Author: karandeepb <karandeepb@chromium.org>
Date: Wed Sep 21 05:14:36 2016

Views::Textfield: Prevent revealing password text.

Currently, the Yank command on Mac and the selection clipboard on Linux can
reveal the text of an obscured/password Views::Textfield. This CL modifies
Textfield::UpdateSelectionClipboard() to ensure that the selection clipboard is
not modified for a password textfield. Textfield::ExecuteTextEditCommand(..) is
also modified to only update the yank kill buffer for a non-password textfield.
Unit tests which demonstrate the problem are also added.

BUG= 648511 ,  648509 

Review-Url: https://codereview.chromium.org/2358463002
Cr-Commit-Position: refs/heads/master@{#419977}

[modify] https://crrev.com/27bac7b1a96717471167acd71d9d8aa5624fa904/ui/views/controls/textfield/textfield.cc
[modify] https://crrev.com/27bac7b1a96717471167acd71d9d8aa5624fa904/ui/views/controls/textfield/textfield.h
[modify] https://crrev.com/27bac7b1a96717471167acd71d9d8aa5624fa904/ui/views/controls/textfield/textfield_model.cc
[modify] https://crrev.com/27bac7b1a96717471167acd71d9d8aa5624fa904/ui/views/controls/textfield/textfield_unittest.cc

Comment 4 by karandeepb@chromium.org, Sep 21 2016

Status: Fixed (was: Started)

►

Issue 648509 link

Issue metadata

Views::Textfield: Yank on Mac can reveal password text.

Issue description

Comment 1 Deleted

Comment 2 by karandeepb@chromium.org, Sep 20 2016

Comment 2 Deleted

Comment 3 by bugdroid1@chromium.org, Sep 21 2016

Comment 3 Deleted

Comment 4 by karandeepb@chromium.org, Sep 21 2016

Comment 4 Deleted

Sign in to add a comment