Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent Chrome and Chromium to submit username in arbitrary form fields. #520

Open
ifokkema opened this issue May 27, 2021 · 3 comments
Open

Prevent Chrome and Chromium to submit username in arbitrary form fields. #520

ifokkema opened this issue May 27, 2021 · 3 comments
Assignees
@ifokkema
Labels
bug minor cat: interface

Comments

@ifokkema
Copy link
Member

Describe the bug
The Chrome and Chromium browsers, when configured to remember the LOVD account's username and password, sometimes submit the username in seemingly random form fields. Not only in submissions but also in data views, influencing query results. Because this behavior is often hidden from the user, LOVD seems to behave incorrectly.

To Reproduce
Steps to reproduce the behavior:

  1. Using Chrome, having at least a Curator account, configure the browser to remember the account's username and password.
  2. From any gene owned by the Curator account, proceed to the full data view.
  3. Proceed to do any query.
  4. The browser has included the user's username in the Lab-ID field, and no results are likely to be returned.

Expected behavior
Chrome should not mistake LOVD for being one big login form, simply because it has password fields.
To obtain this behavior, hopefully, there is something that LOVD can do to unconfuse Chrome or perhaps, even more, confuse its already confusing behavior, preventing it from inserting the username in functional fields.

Your software (please complete the following information):

  • Chrome and Chromium, confirmed on Chrome/89, Chrome/90, Chrome/91.
@ifokkema ifokkema added this to the 3.0 Build 27 milestone May 27, 2021
@ifokkema ifokkema self-assigned this May 27, 2021
@leicray
Copy link

leicray commented Jun 1, 2021

Just to be clear, this issue is specific to Chrome and Chromium. It does not affect the recent versions of the Microsoft Edge browser that are based on Chromium.

@ifokkema
Copy link
Member Author

Hi Raymond,

I've spent some time on doing some research on this matter. I'll implement the following:

  • I'll add a hidden username field everywhere where there's a password field. I'll add the autocomplete attribute with a value of "username" to trigger Chrome to fill in the username there and nowhere else. I hope this helps.
  • I'll block auto-filling the password field for some actions, where I really need people to type their passwords.
  • I'll continue and add additional autocomplete attributes and labels to other fields to improve the autofill feature. List: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete.

@ifokkema ifokkema modified the milestones: 3.0 Build 27, 3.0 Build 28 Aug 16, 2021
@leicray
Copy link

leicray commented Feb 22, 2022

Can you say when Build 28 will be released?

While helping a novice user, I noticed that her ORCID id was being pasted into "Re-site (optional)" field when she saved changes to a variant. I had to advice her to delete the id and its corresponding password from Chrome.

LOVD ORCID Re-site filling issue
.

@ifokkema ifokkema removed this from the 3.0 Build 28 milestone Jul 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ifokkema ifokkema

Labels
bug minor cat: interface
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@leicray @ifokkema