New issue
Advanced search Search tips

Issue 768939 link

Starred by 1 user
Status: Available
Owner: ----
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocked on:
issue 831123
Blocking:
issue 770184



Sign in to add a comment

password manager puts username and password in expiry date and CVC of target.com payment form

Project Member Reported by rogerm@chromium.org, Sep 26 2017 
Chrome Version: (copy from chrome://version)
OS: (e.g. Win7, OSX 10.9.5, etc...)

Pre-requisite:

Have some credit card data saved in Chrome.

What steps will reproduce the problem?
(1) Navigate to https://www.target.com
(2) Login or create an account and let Chrome save username+password
(3) Attempt to buy something
(4) In the payment step, click in the expiry field
(5) In the payment step, click in the security code field

What is the expected result?

In (4) Chrome should offer to fill the CC expiry date.
In (5) Chrome should just give the user a caret in the field.

What happens instead?

Chrome offers the username and password for 4 and 5, respectively.

Additional notes:

The site developer has explicitly tagged the fields with the correct autocomplete tags. Chrome autofill (heuristics) correctly detects the field types. Autofill initiated from the card number or cardholder fields fills the expiry date correctly.

I think password manage is also overriding/suppressing the field type votes for the expiry date field, as the server does not provide a recommendation (implying it has no non-possword related votes).

Comment 1 by dvadym@chromium.org, Sep 27 2017 

I understand why Chrome proposes to fill password in security code field, but it's not clear why it suggests username in the expiry field.

Could you please attach logs from chrome://password-manager-internals?

Comment 2 by vabr@chromium.org, Oct 18 2017

Blocking: 770184
Labels: Needs-Feedback Hotlist-Polish
Status: Available (was: Untriaged)

Comment 3 by battre@chromium.org, Mar 1 2018 

Here is the log:
Captured password manager logs are listed below. Logs are cleared and no longer captured when all password-manager-internals pages are closed.
Message: PasswordAutofillAgent::DidStartProvisionalLoad 
The new state of the UI: 0
Message: PasswordAutofillAgent::SendPasswordForms 
only_visible: false
Security origin: https://www.target.com/ 
Number of all forms: 0
Message: PasswordAutofillAgent::SendPasswordForms 
only_visible: false
Security origin: https://www.target.com/ 
Number of all forms: 1
Message: Generation invalid PasswordForm 
Message: PasswordAutofillAgent::SendPasswordForms 
only_visible: true
Security origin: https://www.target.com/ 
Number of all forms: 1
Form found on page: {
Action : ,
Form name or ID : 
}
Form is visible: false
Some control elements not associated to a form element are visible: false
Message: PasswordManager::CreatePendingLoginManagers 
SSL errors present: false
IsPasswordManagementEnabledForCurrentPage: true
Number of pending login managers (before): 0
Number of pending login managers (after): 0
Message: PasswordManager::OnPasswordFormsRendered 
Message: PasswordManager::CanProvisionalManagerSave 
Message: No provisional save manager 
Message: Generation invalid PasswordForm 
SSL errors present: false
IsPasswordManagementEnabledForCurrentPage: true
Server predictions: {
Signature of form: 13075167487213522379
Origin: https://www.target.com/
Action: 
Form fields: 
creditCard: 2146274338, checkbox
cardNumber: 1266406126, tel, cc-number, SERVER_PREDICTION: HTML_TYPE_CREDIT_CARD_NUMBER
expiry: 475883243, tel, SERVER_PREDICTION: CREDIT_CARD_EXP_DATE_2_DIGIT_YEAR
cvv: 156149512, password, cc-csc, SERVER_PREDICTION: HTML_TYPE_CREDIT_CARD_VERIFICATION_CODE
tcPinNum: 3740811462, password, nope
cardName: 3663382838, text, SERVER_PREDICTION: CREDIT_CARD_NAME_FULL
giftCard: 567885977, checkbox
giftcard_number: 379101248, tel, SERVER_PREDICTION: CREDIT_CARD_NUMBER
access_number: 1991508438, tel
payPal: 405451199, checkbox
}
Message: PasswordAutofillAgent::SendPasswordForms 
only_visible: false
Security origin: https://www.target.com/ 
Number of all forms: 1
Form is a password form: {
Action : https://www.target.com/ ,
New password element : ,
Origin : https://www.target.com/ ,
PSL match : false,
Password element : tcPinNum ,
Password generated : false,
Scheme : HTML ,
Signon realm : https://www.target.com/ ,
Times used : 0,
Username element : expiry 
}
Message: PasswordManager::CreatePendingLoginManagers 
SSL errors present: false
IsPasswordManagementEnabledForCurrentPage: true
Number of pending login managers (before): 0
Adding manager for form: {
Signature of form: 13075167487213522379
Signon realm: https://www.target.com/
Origin: https://www.target.com/
Action: https://www.target.com/
Form name: 
Form fields: 
creditCard: 2146274338, checkbox
cardNumber: 1266406126, tel, cc-number
expiry: 475883243, tel
cvv: 156149512, password, cc-csc
tcPinNum: 3740811462, password, nope
cardName: 3663382838, text
giftCard: 567885977, checkbox
giftcard_number: 379101248, tel
access_number: 1991508438, tel
payPal: 405451199, checkbox
}
Message: FormFetcherImpl::Fetch 
FormFetcherImpl::state_: 1
Number of pending login managers (after): 1
Message: Generation invalid PasswordForm 
Message: FormFetcherImpl::OnGetPasswordStoreResults 
Number of results from the password store: 1
Message: PasswordFormManager::ProcessMatches 
SSL errors present: false
IsPasswordManagementEnabledForCurrentPage: true
Message: PasswordManager::Autofill 
wait_for_username: false
The new state of the UI: 3
Message: Generation: no possible account creation forms 
Message: PasswordAutofillAgent::OnFillPasswordForm 
ambiguous_or_empty_names: false
Number of potential forms to fill: 1
form_data's wait_for_username: false
form_contains_fillable_username_field: true
username_field_name empty: false
password_field_name empty: false
Message: FillUserNameAndPassword in PasswordAutofillAgent 
Message: Username to fill matches that on the page 
Filled username element named: expiry 
SSL errors present: false
IsPasswordManagementEnabledForCurrentPage: true
Message: PasswordFormManager::ProcessMatches 
Filled password element named: tcPinNum 
Message: PasswordAutofillAgent::DidStartProvisionalLoad 
Message: |frame| is not the main frame 
Message: PasswordAutofillAgent::SendPasswordForms 
only_visible: false
Security origin: https://2906542.fls.doubleclick.net/ 
Message: Webpage is empty 
Message: PasswordAutofillAgent::SendPasswordForms 
only_visible: true
Security origin: https://2906542.fls.doubleclick.net/ 
Message: Webpage is empty 
SSL errors present: false
IsPasswordManagementEnabledForCurrentPage: true
Message: PasswordFormManager::ProcessMatches 
SSL errors present: false
IsPasswordManagementEnabledForCurrentPage: true
Message: PasswordFormManager::ProcessMatches 
SSL errors present: false
IsPasswordManagementEnabledForCurrentPage: true
Message: PasswordFormManager::ProcessMatches 
SSL errors present: false
IsPasswordManagementEnabledForCurrentPage: true
Message: PasswordFormManager::ProcessMatches 
SSL errors present: false
IsPasswordManagementEnabledForCurrentPage: true
Message: PasswordFormManager::ProcessMatches 
SSL errors present: false
IsPasswordManagementEnabledForCurrentPage: true
Message: PasswordFormManager::ProcessMatches 
Message: PasswordAutofillAgent::SendPasswordForms 
only_visible: false
Security origin: https://docs.google.com/ 
Number of all forms: 1
Message: Generation invalid PasswordForm

Comment 4 by dvadym@chromium.org, Jul 13

Blockedon: 831123

Sign in to add a comment