Chrome tries to fill email and password inside "transaction amount" fields (currency)
Reported by
williamd...@gmail.com,
Apr 11 2018
Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

Steps to reproduce the problem:
1. visit https://test.secure.staging.conio[dot]com/dashboard/index.html
2. login with simone+777@conio.com and password Abcdef1!
3. save the credentials
4. open again the website, in incognito window
5. the credentials will be suggested, use them to login
6. the credentials will now be suggested for two CURRENCY fields which have autocomplete="transaction-amount" (so it should never cause an email to be suggested!)
7. IMPORTANT: refreshing the page makes the suggestion go away (until next login...)

What is the expected behavior?
it should not suggest email and password for numeric fields, especially if they have autocomplete="transaction-amount"

What went wrong?
it is suggesting email and password

Did this work before? N/A
Does this work in other browsers? N/A

Chrome version: 65.0.3325.181 Channel: stable
OS Version:
Flash Version:
,
Apr 11 2018
,
Apr 12 2018
Able to reproduce the issue on the reported Chrome version 65.0.3325.181 and on the latest canary 67.0.3395.0 using Windows 10, Ubuntu 14.04 and Mac 10.13.1. As the issue is seen from M60 (60.0.3072.0), considering it as Non-Regression and marking it as Untriaged. Hence requesting someone from the "UI>Browser>Passwords" team to have a look into this. Thanks!
,
Apr 12 2018
Wow, this is strange. The field annotations don't look like they should lead to filling at all. The behavior also stops when I refresh the page. My hypothesis is that either the UI framework caches and repurposes the input fields in the DOM, or we have a bug with form field matching. Hopefully, the latter would be fixed by dvadym in the next days.
,
Apr 12 2018
As for the "DOM reusing" hypothesis, I thought about it and I specifically added different key="something" to the 4 input fields, to force React to avoid doing that, but the problem persists.
,
Apr 12 2018
Chrome fills with the password only fields that are passwords now or were passwords earlier (in order to cover the case when a site has an option to show the typed password). williamd...@ Is the type of the numeric field changed from password to number?
,
Apr 12 2018
No, I am rendering 4 completely different components. The LoginComponent is rendering two input fields with type="text", autocomplete="email" and type="password", autocomplete="password". After the login is successful, the LoginComponent is destroyed and a new HomeComponent is created, which renders (among other stuff) two input fields with type="number", autocomplete="transaction-amount". I don't know if React is actually trying to be so smart as to reuse the email/password fields by changing their attributes and transforming them to the new input fields I'm rendering; however, I gave them two different 'key' values so React should not do that.
,
Apr 12 2018
I want to add: even if React is actually doing that, I guess there are performance benefits in doing it. So Chrome should deal with this possibility of attributes being changed.
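
A simplified model of the rule described in the thread (a field is a password-fill candidate if it is a password field now or was one earlier), showing how the DOM-reuse hypothesis and the keyed re-render expectation lead to different outcomes. This is an added example, not Chrome's code and not code from any commenter; `PasswordFillModel`, `makeInput` and the plain-object nodes are hypothetical stand-ins for real DOM elements.

```javascript
// Simplified model (an assumption for illustration, not Chrome's source) of the
// rule quoted in the thread: a field may receive the saved password if it is a
// password field now or was one earlier.
class PasswordFillModel {
  constructor() {
    this.everPassword = new WeakSet(); // nodes that were seen with type="password"
  }
  // Call whenever a node is rendered or one of its attributes changes.
  observe(node) {
    if (node.type === "password") this.everPassword.add(node);
  }
  isPasswordFillCandidate(node) {
    return node.type === "password" || this.everPassword.has(node);
  }
}

// Constructed stand-ins for DOM nodes; object identity is what the model tracks.
function makeInput(type, autocomplete) {
  return { type, autocomplete };
}

// Hypothesis from the thread: the framework keeps the node and rewrites its attributes.
function renderWithNodeReuse(model) {
  const node = makeInput("password", "password"); // login view
  model.observe(node);
  node.type = "number";                           // home view, same node object
  node.autocomplete = "transaction-amount";
  model.observe(node);
  return node;
}

// What distinct keys are meant to guarantee: the old node is dropped, a new one is created.
function renderWithFreshNode(model) {
  const login = makeInput("password", "password");
  model.observe(login);
  const amount = makeInput("number", "transaction-amount");
  model.observe(amount);
  return amount;
}

function compareRenderStrategies() {
  const reused = new PasswordFillModel();
  const fresh = new PasswordFillModel();
  return {
    reusedNodeIsCandidate: reused.isPasswordFillCandidate(renderWithNodeReuse(reused)),
    freshNodeIsCandidate: fresh.isPasswordFillCandidate(renderWithFreshNode(fresh)),
  };
}

console.log(compareRenderStrategies());
```

In a real page, the same question (was the amount input ever a password input?) can be answered by comparing node identity before and after login in the browser's developer tools.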
Comment 1 by susan.boorgula@chromium.org, Apr 11 2018