New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 798716 link

Starred by 1 user

Issue metadata

Status: Started
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome
Pri: 1
Type: Bug

Blocking:
issue 805421



Sign in to add a comment

[Blink Forms] Password typing doesn't trigger TextFieldInputType::DidSetValueByUserEdit on usermanagement.rushcard.com

Project Member Reported by kolos@chromium.org, Jan 3 2018

Issue description

1. Visit https://usermanagement.rushcard.com/retrieveaccountlogin
2. Type something to CVV field.

Check that user input doesn't trigger TextFieldInputType::DidSetValueByUserEdit. Therefore, the password manager doesn't see the password value. 

I made a quick investigation: a |TextControlElement| doesn't receive webkitEditableContentChanged event, only |keydown| and |keyup|. 

This bug breaks the password manager on this site.

Adding several Blink folks, not sure who is working on forms.
 

Comment 1 by kolos@chromium.org, Jan 3 2018

Owner: kochi@chromium.org
Takayoshi: please reassign to more relevant person if needed. 

Comment 2 by kochi@chromium.org, Jan 5 2018

Cc: -tkent@chromium.org
Owner: tkent@chromium.org
Thanks kolos@ for the report!
tkent@ will be back soon, he will be able to triage this.

Comment 3 by tkent@chromium.org, Jan 9 2018

Cc: -keishi@chromium.org tkent@chromium.org
Components: -Blink>Forms
Owner: ----
Looks like this page prevent all text-input events, and set the value by web-exposed HTMLInputElement.prototype.value setter.  So, DidSetValueByUserEdit should not be called.

Comment 4 by kolos@chromium.org, Jan 9 2018

tkent@: thanks for explanation, but the password manager has to work anytime a user types something into a password field. How can we fix this issue for such sites?

Comment 5 by kolos@chromium.org, Jan 9 2018

Perhaps we should listen another method but not DidSetValueByUserEdit, but we have no idea which one)

Comment 6 by tkent@chromium.org, Jan 9 2018

My rough idea is to add chrome_client->DidChangeValueInTextField() call at the end of HTMLInputElement::setValue() if value_changed && UserGestureIndicator::ProcessingUserGesture().

Comment 7 by kolos@chromium.org, Jan 9 2018

Seems good.

Comment 8 by kolos@chromium.org, Jan 9 2018

and thank you very much for the idea :)

Comment 9 by kolos@chromium.org, Jan 9 2018

Owner: kolos@chromium.org
Status: Assigned (was: Untriaged)
Status: Started (was: Assigned)
https://chromium-review.googlesource.com/c/chromium/src/+/856996

Comment 11 by kolos@chromium.org, Jan 10 2018

Cc: dvadym@chromium.org
Project Member

Comment 12 by bugdroid1@chromium.org, Jan 11 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6a83c2c4d82e4c1c196580539ac271ae2b592656

commit 6a83c2c4d82e4c1c196580539ac271ae2b592656
Author: Maxim Kolosovskiy <kolos@chromium.org>
Date: Thu Jan 11 11:52:59 2018

[Password Manager] Notify WebAutofillClient even if the page prevents all text-input events


Bug: 798716
Change-Id: I0c2cc3ba143f20cb1211c884be11e3d9dee9311f
Reviewed-on: https://chromium-review.googlesource.com/856996
Commit-Queue: Maxim Kolosovskiy <kolos@chromium.org>
Reviewed-by: Kent Tamura <tkent@chromium.org>
Cr-Commit-Position: refs/heads/master@{#528600}
[modify] https://crrev.com/6a83c2c4d82e4c1c196580539ac271ae2b592656/third_party/WebKit/Source/core/exported/WebViewTest.cpp
[modify] https://crrev.com/6a83c2c4d82e4c1c196580539ac271ae2b592656/third_party/WebKit/Source/core/html/forms/HTMLInputElement.cpp
[modify] https://crrev.com/6a83c2c4d82e4c1c196580539ac271ae2b592656/third_party/WebKit/Source/core/testing/data/input_field_password.html

Project Member

Comment 13 by bugdroid1@chromium.org, Jan 16 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0beb84f6ed32bb09b70bc27a75f5659235df7c19

commit 0beb84f6ed32bb09b70bc27a75f5659235df7c19
Author: Maxim Kolosovskiy <kolos@chromium.org>
Date: Tue Jan 16 10:52:53 2018

Revert "[Password Manager] Notify WebAutofillClient even if the page prevents all text-input events"

This reverts commit 6a83c2c4d82e4c1c196580539ac271ae2b592656.

Reason for revert: The CL cause performance regressions 
https://bugs.chromium.org/p/chromium/issues/detail?id=801739
https://bugs.chromium.org/p/chromium/issues/detail?id=801651

Original change's description:
> [Password Manager] Notify WebAutofillClient even if the page prevents all text-input events
> 
> 
> Bug: 798716
> Change-Id: I0c2cc3ba143f20cb1211c884be11e3d9dee9311f
> Reviewed-on: https://chromium-review.googlesource.com/856996
> Commit-Queue: Maxim Kolosovskiy <kolos@chromium.org>
> Reviewed-by: Kent Tamura <tkent@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#528600}

TBR=tkent@chromium.org,kolos@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: 798716
Change-Id: I9d025eaec13f1e88c4681898fa2c18825fcbd5b5
Reviewed-on: https://chromium-review.googlesource.com/867830
Reviewed-by: Maxim Kolosovskiy <kolos@chromium.org>
Commit-Queue: Maxim Kolosovskiy <kolos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#529396}
[modify] https://crrev.com/0beb84f6ed32bb09b70bc27a75f5659235df7c19/third_party/WebKit/Source/core/exported/WebViewTest.cpp
[modify] https://crrev.com/0beb84f6ed32bb09b70bc27a75f5659235df7c19/third_party/WebKit/Source/core/html/forms/HTMLInputElement.cpp
[modify] https://crrev.com/0beb84f6ed32bb09b70bc27a75f5659235df7c19/third_party/WebKit/Source/core/testing/data/input_field_password.html

Comment 14 by tkent@chromium.org, Jan 17 2018

If adding IsProcessingUserGesture check doesn't regress performance, it's very reasonable.

If not, we might need asynchronous notification about form value change.


Cc: elawrence@chromium.org
FYI: A large number of pages set .value() on input controls as a part of feature detection and other automatic operations. The change in #12 broke Chrome's HTTPBad feature (resulting in "Not Secure" unexpectedly being shown on a huge number of HTTP pages where the user did not manually interact with the input field.  Issue 803264  adds a browser test to detect future regressions here.) 

In addition to HTTPBad, the DidChangeValueInTextField handler in Chrome also treats calls as a PageImportanceSignal (because typing in a field is considered a signal of the page's importance) so the change in #12 would also impact our page importance logic used for tab discarding, etc.

Comment 16 by kolos@chromium.org, Jan 19 2018

elawrence@: thanks for your comment, very interesting. Does it mean that we can try to re-land #12 and see whether it cause a regression again?
If you re-land #12, it will re-introduce the functional regressions described in #15. 

 Issue 803264  introduced a browser test which is designed to fail if #12 is resubmitted.

Comment 18 by kolos@chromium.org, Jan 26 2018

Blocking: 805421

Sign in to add a comment