Chrome now shows passwords from Autofill in plain texts #13

Open
jhintringer opened this issue Oct 15, 2018 · 8 comments

@jhintringer

disableautofill
By using this script the autofill popup is trying to suggest passwords used from this domain.
Seems not to solve the problem, but creates a security issue.

@terrylinooo
Owner

What version of Chrome do you use?
It is better if you have an example in jsfiddle, I can take a look into it quickly.

@Arduino1987

same on FireFox 62.0.3 (64-bit) on Ubuntu.

@jhintringer
Author

jhintringer commented Oct 18, 2018

I'm using Chrome 71.0.3578.10 dev (Dev Channel), but it also seems to occur in the newest stable version of Chrome. OS is Win 10 Pro.

I can't make you a jsfiddle, because it depends on your machine, if you already have passwords saved for this domain ;)

@DarthSonic

DarthSonic commented Oct 24, 2018

In Chrome 70 your demo page shows password in plain text and also I got usernames suggested I used on other domains. disableAutoFill-Plugin does not work.

@catn8r

catn8r commented Nov 5, 2018

I can't get it to work on Chrome either (it only seems to ignore new-password and current-password) so I experimented a little and came up with this:

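```js
// Select password inputs whose autocomplete attribute is not "on"
$(':password[autocomplete!="on"]').each(function () {
    // Temporarily make the field read-only
    $(this).attr('readonly', true);
    // Custom event that makes the field editable again
    $(this).one('disable-autofill', function () {
        $(this).removeAttr('readonly');
    });
    // The first key release in the field fires the custom event
    $(this).one('keyup', function () {
        $(this).trigger('disable-autofill');
    });
    // IE and legacy Edge: fire the custom event immediately
    if (/MSIE|Trident|Edge/.test(window.navigator.userAgent)) {
        $(this).trigger('disable-autofill');
    }
});
```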

It just finds all elements which have autocomplete not set to on (ignores the form element), sets them temporarily to readonly, which disables any autofills at least in newer versions of Chrome, FF and IE, then removes the readonly attribute when the user selects the element (or in IE just triggers it).
Maybe this could be an idea? @terrylinooo

@kampit

kampit commented Dec 10, 2018

add class="password" to your password input.

Example: https://jsfiddle.net/terrylinooo/hhgzbsvy/

@yanivush

> add class="password" to your password input.
>
> Example: https://jsfiddle.net/terrylinooo/hhgzbsvy/

You have a bug here, "Cannot read property 'join' of undefined", when trying to submit with an empty password field.

I have posted about this problem.

@cekvenich

cekvenich commented Mar 30, 2020
