RESOLVED MOVED 236432
Autofill sets the `value` of an `<input>` with `name="token"` to the user's email address
https://bugs.webkit.org/show_bug.cgi?id=236432
Brody
Reported 2022-02-10 00:29:47 PST
While developing a website I noticed some unusual activity while testing it in Safari. Given a form such as:

```
<form>
  <input type="hidden" name="token" value="[SOME LONG RANDOM STRING HERE]" autocomplete="off">
  <input type="password" name="password" autocomplete="new-password">
  <input type="password" name="password_confirmation" autocomplete="new-password">
</form>
```

The browser is setting the token to the user's email address. The workaround involved using the `Referer` header when the `User-Agent` matches Safari but no other browser ran into this issue.
Chris Dumez
Comment 1 2022-02-10 07:25:13 PST
Likely a Safari issue, not a WebKit one. Importing the bug into radar so that it can be sent to the right people.
Radar WebKit Bug Importer
Comment 2 2022-02-10 07:25:24 PST