Bug 200037

Summary:

Allow clients to toggle a text input field between being viewable and having characters hidden while maintaining a yellow auto-filled appearance

Product:

WebKit

Reporter:

Priyanka <pagarwal999>

Component:

Forms

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Enhancement

CC:

a.tion.surf, bweinstein, cdumez, commit-queue, dbates, jberlin, webkit-bug-importer, wenson_hsieh

Priority:

Keywords:

InRadar

Version:

Safari 12

Hardware:

All

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none

Priyanka

Reported 2019-07-23 11:41:08 PDT

Allow Clients to make an input field considered autofilled and secure while viewable

Attachments
Patch (18.43 KB, patch) 2019-07-23 21:33 PDT, Priyanka	no flags	Details Formatted Diff Diff
Patch (19.16 KB, patch) 2019-07-24 18:43 PDT, Priyanka	no flags	Details Formatted Diff Diff
Patch (36.47 KB, patch) 2019-08-05 17:25 PDT, Priyanka	no flags	Details Formatted Diff Diff
Patch (36.51 KB, patch) 2019-08-05 17:35 PDT, Priyanka	no flags	Details Formatted Diff Diff
Patch (78.42 KB, patch) 2019-08-05 17:46 PDT, Priyanka	no flags	Details Formatted Diff Diff
Patch (84.07 KB, patch) 2019-08-06 06:43 PDT, Priyanka	no flags	Details Formatted Diff Diff
Patch (172.76 KB, patch) 2019-08-06 08:32 PDT, Priyanka	no flags	Details Formatted Diff Diff
Patch (86.08 KB, patch) 2019-08-06 11:39 PDT, Priyanka	no flags	Details Formatted Diff Diff
Patch (86.33 KB, patch) 2019-08-06 14:55 PDT, Priyanka	no flags	Details Formatted Diff Diff
Patch (86.51 KB, patch) 2019-08-07 09:51 PDT, Priyanka	no flags	Details Formatted Diff Diff
Show Obsolete (9) View All Add attachment proposed patch, testcase, etc.

Priyanka

Comment 1 2019-07-23 21:33:12 PDT

Created attachment 374760 [details] Patch

Priyanka

Comment 2 2019-07-24 18:43:54 PDT

Created attachment 374843 [details] Patch

Daniel Bates

Comment 3 2019-07-24 19:19:10 PDT

Test please. Look at strong password tests for examples. Indentation of case statements look off, like tabs or something. Fix. Make sure no tab chars in files

Daniel Bates

Comment 4 2019-07-24 19:45:01 PDT

Comment on attachment 374843 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=374843&action=review Good start, but this patch is missing invalidation logic to handle things like (off the top of my head): 1. Form reset - grep for ::reset 2. When HTML type attribute changes 3. When HTML value attribute changes (2) and (3) call :: resignStrongPasswordAppearance. <— Grep that, it needs to be patched. Look at all callers, more patching may be needed. > Source/WebCore/css/html.css:740 > + background-color: #FAFFBD !important; > + background-image: none !important; > + color: #000000 !important; In my opinion I would share with ^^^^ selectors instead of duplicating.

Priyanka

Comment 5 2019-08-05 17:25:28 PDT

Created attachment 375585 [details] Patch

Priyanka

Comment 6 2019-08-05 17:26:08 PDT

Added tests, added invalidation logic, and shared with selectors.

Priyanka

Comment 7 2019-08-05 17:35:09 PDT

Created attachment 375588 [details] Patch

Priyanka

Comment 8 2019-08-05 17:46:53 PDT

Created attachment 375590 [details] Patch

Priyanka

Comment 9 2019-08-06 06:43:03 PDT

Created attachment 375621 [details] Patch

Priyanka

Comment 10 2019-08-06 08:32:28 PDT

Created attachment 375623 [details] Patch

Priyanka

Comment 11 2019-08-06 11:39:05 PDT

Created attachment 375633 [details] Patch

Daniel Bates

Comment 12 2019-08-06 13:21:57 PDT

Comment on attachment 375633 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=375633&action=review This looks really good. > Source/WebCore/ChangeLog:3 > + Allow Clients to make an input field considered autofilled and secure while viewable Bug title should be fixed 🙂: Clients => clients > Source/WebCore/ChangeLog:6 > + I feel that the title is hard to read and confuses me. I don't understand how a field can be considered "secure" and viewable. <-- I know what you mean by reading the patch, but that's not how I would describe this change. Can we please improve the title? If not, please provide a more elaborated description of the purpose of this change under the "Reviewed by" line. > Source/WebCore/css/html.css:740 > + -webkit-text-security: none !important; > + cursor: default !important; > + font-family: monospace; This is duplicating the properties of input:-webkit-autofill-strong-password (above). Please share. > LayoutTests/fast/forms/auto-fill-button/resources/process-auto-fill-button-type-and-invoke-runTest-for-strong-password-viewable.js:13 > +window.onload = function () > +{ > + if (!window.internals) { > + console.log("This test must be run in DumpRenderTree or WebKitTestRunner."); > + return; > + } > + let inputElements = document.getElementsByTagName("input"); > + for (let inputElement of inputElements) { > + internals.setAutoFilledAndViewable(inputElement, inputElement.dataset.autoFilledAndViewable == "true"); > + } > + if (window.runTest) > + window.runTest(); > +} This duplicates the code in <https://trac.webkit.org/browser/webkit/trunk/LayoutTests/fast/forms/auto-fill-button/resources/process-auto-fill-button-type-and-invoke-runTest.js>. Only difference is checking for inputElement.dataset.autoFilledAndViewable. Please modify process-auto-fill-button-type-and-invoke-runTest.js instead of duplicating it.

Daniel Bates

Comment 13 2019-08-06 13:26:17 PDT

Comment on attachment 375633 [details] Patch I just realized that this patch does not handle the case where the field's value changes programmatically. We need to patch up setValueFromRenderer()

Daniel Bates

Comment 14 2019-08-06 13:26:57 PDT

Daniel Bates

Comment 15 2019-08-06 13:29:30 PDT

(In reply to Daniel Bates from comment #13) > Comment on attachment 375633 [details] > Patch > > I just realized that this patch does not handle the case where the field's > value changes programmatically. We need to patch up setValueFromRenderer() Actually, I'm not sure what you intended the behavior to be for this feature when this happens. Either need to patch up setValueFromRenderer () or code is okay as-is and you just need to explain in the ChangeLog why we don't need to touch setValueFromRenderer().

Priyanka

Comment 16 2019-08-06 13:39:59 PDT

(In reply to Daniel Bates from comment #15) > (In reply to Daniel Bates from comment #13) > > Comment on attachment 375633 [details] > > Patch > > > > I just realized that this patch does not handle the case where the field's > > value changes programmatically. We need to patch up setValueFromRenderer() > > Actually, I'm not sure what you intended the behavior to be for this feature > when this happens. Either need to patch up setValueFromRenderer () or code > is okay as-is and you just need to explain in the ChangeLog why we don't > need to touch setValueFromRenderer(). As per off-line discussion, behavior is intentional and WebCore ChangeLog updated to describe the reason why we don't change setValueFromRenderer.

Priyanka

Comment 17 2019-08-06 14:55:17 PDT

Created attachment 375651 [details] Patch

Priyanka

Comment 18 2019-08-07 09:51:51 PDT

Created attachment 375705 [details] Patch

WebKit Commit Bot

Comment 19 2019-08-07 10:24:26 PDT

Comment on attachment 375705 [details] Patch Clearing flags on attachment: 375705 Committed r248373: <https://trac.webkit.org/changeset/248373>

WebKit Commit Bot

Comment 20 2019-08-07 10:24:28 PDT

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 21 2019-08-07 10:25:23 PDT

<rdar://problem/54039116>

Note You need to log in before you can comment on or make changes to this bug.