RESOLVED WONTFIX 116697
Prevent autofilled password field from getting cleared with a script 
https://bugs.webkit.org/show_bug.cgi?id=116697
Summary Prevent autofilled password field from getting cleared with a script
Sergey
Reported 2013-05-23 16:55:55 PDT
Some websites contain scripts that clean up all fields in a hidden form once the form becomes visible. This produces a collision if a field in the form has been autofilled. To work around this problem, prevent scripts from cleaning up at the very least password fields that have been autofilled.
Attachments
Patch (3.71 KB, patch)
2013-05-23 17:11 PDT, Sergey 		jberlin: review-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Sergey
Comment 1 2013-05-23 17:11:41 PDT
Created attachment 202754 [details] Patch
Jessie Berlin
Comment 2 2013-05-23 18:13:25 PDT
Comment on attachment 202754 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=202754&action=review > Source/WebCore/html/HTMLInputElement.cpp:1031 > + return; This is very clearly against specification. http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#dom-input-value "On setting, it must set the element's value to the new value"
Jessie Berlin
Comment 3 2013-05-23 18:14:17 PDT
The current behavior is correct. We should not make the change asked for by this bug.
Sergey
Comment 4 2013-05-24 10:30:16 PDT
OK, can we send a request to update the specification then? Or by saying "The current behavior is correct" you mean that not only it matches the spec, but also that it is correct and logical from your personal point of view? I am not sure that allowing to erase an autofilled password is logical indeed.
Jessie Berlin
Comment 5 2013-05-24 16:47:11 PDT
(In reply to comment #4) > OK, can we send a request to update the specification then? No. > Or by saying "The current behavior is correct" you mean that not only it matches the spec, but also that it is correct and logical from your personal point of view? Yes.
Note You need to log in before you can comment on or make changes to this bug.