New form parser ignores password-less server hints |
|||||
Issue descriptionChrome Version: 69.0.3466.0 URL: https://accounts.google.com After the user entered their username, accounts.google.com updates the form to show the password field and sticks the username into <input type="email" name="identifier" ... autocomplete="off" id="hiddenEmail">, with the value being the username. accounts.google.com also annotates the password field with autocomplete="current-password". The autofill server sends a vote that the "identifier" field is actually a username, but comments on no password fields. As a result, when the new parser tries server hints, it throws them away for having no password field included. Then it goes on to the autocomplete analysis, and finds the password, but not the username. There are no consequences on accounts.google.com, however: (1) Saving works correctly, thanks to looking for non-empty fields. (2) Filling works correctly, because as long as the username field is editable (in the first phase), it is marked up correctly as autocomplete="username", so it gets filled.
,
Jun 19 2018
Correction about saving: it works correctly, because the old parser is currently used to get values from submitted forms. I'm reopening this to check all works fine once the new parser also handles saving. I still maintain that the effect on M69 is nil.
,
Jun 19 2018
Another case: https://authentication.td.com/uap-ui/index.html?consumer=easyweb&locale=en_CA#/login/easyweb-getting-started gets a server hint about username, but the new parser uses local analysis. After r568393 it should actually get it right nevertheless, but it's a shame to waste the server input.
,
Jul 9
,
Jul 9
,
Nov 19
This is not causing significant troubles right now. In the long run, ensuring that the server hints do contain passwords seems like a more efficient way to fix this. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by vabr@chromium.org
, Jun 19 2018