Stored Password Visible instead of Asterisks
On my website when a single account/password is stored by FireFox, each time the page loads the password is displayed as plain text not asterisks.
Is this a feature of the browser or are changes need in the elements of the form on the webpage?
If 2 or more passwords are stored by Firefox the form fields are not populated by default.
Modificato da rippo il
Soluzione scelta
The DOMi shows that there are two input elements for the password field and if you set focus to the password field then the two get swapped via JavaScript code (one gets display:inline and the other display:none). Also a class ="focus" gets added to the real #password field.
Firefox will likely store data entered in the fake input field(s) as saved form data, but I don't think that anything should get entered in the fake fields, but I don't know how the Profile Manager code would respond to this swapping.
There is this code in the main.js file
if((inputs[i].type == "text" || inputs[i].type == "password") && inputs[i].className.indexOf(o.filterClass)) { inputs[i].valueHtml = inputs[i].value; inputs[i].onfocus = function () { if(this.valueHtml == this.value) this.value = ""; if(this.fake) { inputsSwap(this, this.previousSibling); this.previousSibling.focus(); } if(o.addClassFocus && !this.fake) { this.className += " " + o.addClassFocus; this.parentNode.className += " parent-" + o.addClassFocus; } } inputs[i].onblur = function () { if(this.value == "") { this.value = this.valueHtml; if(o.passwordFieldText && this.type == "password") inputsSwap(this, this.nextSibling); } if(o.addClassFocus) { this.className = this.className.replace(o.addClassFocus, ""); this.parentNode.className = this.parentNode.className.replace("parent-"+o.addClassFocus, ""); } } if(o.passwordFieldText && inputs[i].type == "password") { var fakeInput = document.createElement("input"); fakeInput.type = "text"; fakeInput.value = inputs[i].value; fakeInput.className = inputs[i].className; fakeInput.fake = true; inputs[i].parentNode.insertBefore(fakeInput, inputs[i].nextSibling); inputsSwap(inputs[i], null); }Leggere questa risposta nel contesto 👍 0
Tutte le risposte (7)
Usually it's based on the type of form field (the value of the type attribute):
- <input type="text"> - regular characters
- <input type="password"> - asterisks
If you want to see the HTML of the field, one way is to right-click it and choose Inspect Element (Q). Firefox should open the Inspector below the page with that form field selected and you can check the value of the type attribute.
The form field is <input id="password" class=" " type="password" name="password" style="display: none;"></input>
As soon as the field is clicked the stored password is cleared and any characters entered are displayed as asterisks.
This only started happening with Firefox 26.0
Modificato da rippo il
Is that a real password that you have once entered or a possible placeholder that the web page provides?
Clear the cache and cookies only from websites that cause problems.
"Clear the Cache":
- Firefox/Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
"Remove Cookies" from sites causing problems:
- Firefox/Tools > Options > Privacy > Cookies: "Show Cookies"
You can remove all data stored in Firefox from a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History > Show All History" or "View > Sidebar > History") or via the about:permissions page.
Using "Forget About This Site" will remove all data stored in Firefox from that domain like bookmarks, cookies, passwords, cache, history, and exceptions, so be cautious and if you have a password or other data from that domain that you do not want to lose then make a note of those passwords and bookmarks.
You can't recover from this 'forget' unless you have a backup of the involved files.
It doesn't have any lasting effect, so if you revisit such a 'forgotten' website then data from that website will be saved once again.
Use these steps to remove saved (form) data from a drop-down list:
- click the (empty) input field on the web page to open the drop-down list
- highlight an entry in the drop-down list
- press the Delete key (on Mac: Shift+Delete) to remove it.
The password saved by Firefox is shown in the field, as an incorrect user name and password is also remembered and displayed.
I have cleared the cache, cookies, forgot the site and form data stored for the site. When the site is loaded again there is no password displayed. After logging in the first time and remembering the password again each time the page loads the password is displayed.
You can try it yourself at www.bigmate.com. Login with any username & password and click "Remember Password". Close the browser. Open Browser and go to the page again and the password will be visible.
This only started with Firefox 26
Thanks for posting the URL. If I use the home page with JavaScript disabled, the form HTML is:
<label for="name">Username</label> <input id="username" name="username" type="text"> <label for="pass">Password</label> <input id="password" name="password" type="password"> <div class="row"> <input value="Login" id="button" name="button" type="submit">
But if I enable JavaScript, something strange happens to the form:
<label for="name">Username</label> <input id="username" name="username" type="text"> <label for="pass">Password</label> <input class=" " style="display: none;" id="password" name="password" type="password"><input style="display: inline;" class="" type="text"> <div class="row"> <input value="Login" id="button" name="button" type="submit">
The real password field is hidden and a text field appears. WTF?
Soluzione scelta
The DOMi shows that there are two input elements for the password field and if you set focus to the password field then the two get swapped via JavaScript code (one gets display:inline and the other display:none). Also a class ="focus" gets added to the real #password field.
Firefox will likely store data entered in the fake input field(s) as saved form data, but I don't think that anything should get entered in the fake fields, but I don't know how the Profile Manager code would respond to this swapping.
There is this code in the main.js file
if((inputs[i].type == "text" || inputs[i].type == "password") && inputs[i].className.indexOf(o.filterClass)) { inputs[i].valueHtml = inputs[i].value; inputs[i].onfocus = function () { if(this.valueHtml == this.value) this.value = ""; if(this.fake) { inputsSwap(this, this.previousSibling); this.previousSibling.focus(); } if(o.addClassFocus && !this.fake) { this.className += " " + o.addClassFocus; this.parentNode.className += " parent-" + o.addClassFocus; } } inputs[i].onblur = function () { if(this.value == "") { this.value = this.valueHtml; if(o.passwordFieldText && this.type == "password") inputsSwap(this, this.nextSibling); } if(o.addClassFocus) { this.className = this.className.replace(o.addClassFocus, ""); this.parentNode.className = this.parentNode.className.replace("parent-"+o.addClassFocus, ""); } } if(o.passwordFieldText && inputs[i].type == "password") { var fakeInput = document.createElement("input"); fakeInput.type = "text"; fakeInput.value = inputs[i].value; fakeInput.className = inputs[i].className; fakeInput.fake = true; inputs[i].parentNode.insertBefore(fakeInput, inputs[i].nextSibling); inputsSwap(inputs[i], null); }
Thank you for the investigation and response.
I do not know why the password would be being copied to a fake input box.
Will refer to the web developers to remove the section of javascript.
Modificato da rippo il