Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-10-01 04:37:40 +02:00
Code Issues Projects Releases Wiki Activity

Avoid a common One Time Password field name (#1314)

Browse Source 
Many sites have one time password fields for Two Factor Authentication. A common name for those fields is OneTimePassword or some variant. If these fields were commonly of type "password" it would not be significant. However, since they are commonly of type "text", it is a security risk for users to auto fill these fields.
This commit is contained in:
Jonathan Ehman 2020-06-29 09:27:14 -05:00 committed by GitHub
parent 6e441e54d4
commit b4e15aba6e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/services/autofill.service.ts
View File

@ -896,6 +896,9 @@ export default class AutofillService implements AutofillServiceInterface {
return false;
}
const lowerValue = value.toLowerCase();
if (lowerValue.indexOf('onetimepassword') >= 0 {
return false;
}
if (lowerValue.indexOf('password') < 0) {
return false;
}