New issue
Advanced search Search tips

Issue 648511 link

Starred by 1 user
Status: Fixed
Owner:
karandeepb@chromium.org
Closed: Sep 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Views::Textfield: Pasting text from selection clipboard on Linux can reveal password text.

Project Member Reported by karandeepb@chromium.org, Sep 20 2016 
Version: 55.0.2862
OS: Linux

What steps will reproduce the problem?
(1) Go to https://www.httpwatch.com/httpgallery/authentication/. Scroll down and click on Display Image button to launch an HTTP auth dialog.
(2) Enter some text in the password textfield.
(3) Press Ctrl + A to select all the text.
(4) Middle click inside the user name textfield.

What is the expected output?
The user name textfield should get focus. No text should be pasted inside it.

What do you see instead?
The user name textfield gets focus. The selected text from the password textfield is pasted into the user name textfield.

Please use labels and text to provide additional information.
Project Member

Comment 1 by bugdroid1@chromium.org, Sep 21 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/27bac7b1a96717471167acd71d9d8aa5624fa904

commit 27bac7b1a96717471167acd71d9d8aa5624fa904
Author: karandeepb <karandeepb@chromium.org>
Date: Wed Sep 21 05:14:36 2016

Views::Textfield: Prevent revealing password text.

Currently, the Yank command on Mac and the selection clipboard on Linux can
reveal the text of an obscured/password Views::Textfield. This CL modifies
Textfield::UpdateSelectionClipboard() to ensure that the selection clipboard is
not modified for a password textfield. Textfield::ExecuteTextEditCommand(..) is
also modified to only update the yank kill buffer for a non-password textfield.
Unit tests which demonstrate the problem are also added.

BUG= 648511 ,  648509 

Review-Url: https://codereview.chromium.org/2358463002
Cr-Commit-Position: refs/heads/master@{#419977}

[modify] https://crrev.com/27bac7b1a96717471167acd71d9d8aa5624fa904/ui/views/controls/textfield/textfield.cc
[modify] https://crrev.com/27bac7b1a96717471167acd71d9d8aa5624fa904/ui/views/controls/textfield/textfield.h
[modify] https://crrev.com/27bac7b1a96717471167acd71d9d8aa5624fa904/ui/views/controls/textfield/textfield_model.cc
[modify] https://crrev.com/27bac7b1a96717471167acd71d9d8aa5624fa904/ui/views/controls/textfield/textfield_unittest.cc

Comment 2 by karandeepb@chromium.org, Sep 21 2016

Status: Fixed (was: Started)

Sign in to add a comment