diff options
| author | Michael Catanzaro <mcatanzaro@redhat.com> | 2023-01-22 15:06:35 -0600 |
|---|---|---|
| committer | Michael Catanzaro <mcatanzaro@redhat.com> | 2023-01-22 16:53:27 -0600 |
| commit | 5586618e58a12f3a3a5a35b300207b9eecd63c89 (patch) | |
| tree | 2f1ab46b2b9c7e59676d3daaa47b29e18e281fae | |
| parent | 4d70e2047e2330d75896b50030b30d34a72c277d (diff) | |
| download | epiphany-mcatanzaro/password-manager.tar.gz | |
Password manager should autofill forms more aggressivelymcatanzaro/password-manager
Currently the password manager will only fill passwords if the origin,
form target origin, username, name of username element, and name of
password element all match what is stored in the keyring. In practice,
this is just too strict because some websites do weird stuff with their
forms. Changing the form before submission might seem weird, but it's
tame compared to other weird stuff websites do with their forms.
| -rw-r--r-- | embed/web-process-extension/resources/js/ephy.js | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/embed/web-process-extension/resources/js/ephy.js b/embed/web-process-extension/resources/js/ephy.js index 6fccd3d94..cf50bf23e 100644 --- a/embed/web-process-extension/resources/js/ephy.js +++ b/embed/web-process-extension/resources/js/ephy.js @@ -511,12 +511,27 @@ Ephy.FormManager = class FormManager if (!Ephy.shouldRememberPasswords()) return; + // We pass null for the last two parameters here, formAuth.usernameField + // and formAuth.passwordField, to maximize our chance of receiving a + // matching result. This allows us to fill passwords on websites that + // do weird things like changing the form elements after autofill but + // before the form is submitted, which would otherwise prevent us from + // matching successfully. + // + // This means we have no hope of supporting websites that require + // multiple passwords without username selectors, like old Mailman + // lists, but it improves our robustness for typical websites. + // + // And yes, this does indeed mean that it's useless for us to store the + // username and password field names, since this is the only place they + // would ever be used, but perhaps they'll be useful in the future if + // our strategy ever changes. Ephy.passwordManager.query( formAuth.origin, formAuth.targetOrigin, formAuth.username, - formAuth.usernameField, - formAuth.passwordField).then(authInfo => { + null, + null).then(authInfo => { if (!authInfo) { Ephy.log('No result'); return; |