1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-28 12:45:45 +01:00

Avoid a common One Time Password field name (#1314)

Many sites have one time password fields for Two Factor Authentication. A common name for those fields is OneTimePassword or some variant. If these fields were commonly of type "password" it would not be significant. However, since they are commonly of type "text", it is a security risk for users to auto fill these fields.
This commit is contained in:
Jonathan Ehman 2020-06-29 09:27:14 -05:00 committed by GitHub
parent 6e441e54d4
commit b4e15aba6e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -896,6 +896,9 @@ export default class AutofillService implements AutofillServiceInterface {
return false;
}
const lowerValue = value.toLowerCase();
if (lowerValue.indexOf('onetimepassword') >= 0 {
return false;
}
if (lowerValue.indexOf('password') < 0) {
return false;
}