mirror of
https://github.com/bitwarden/browser.git
synced 2024-11-28 12:45:45 +01:00
Avoid a common One Time Password field name (#1314)
Many sites have one time password fields for Two Factor Authentication. A common name for those fields is OneTimePassword or some variant. If these fields were commonly of type "password" it would not be significant. However, since they are commonly of type "text", it is a security risk for users to auto fill these fields.
This commit is contained in:
parent
6e441e54d4
commit
b4e15aba6e
@ -896,6 +896,9 @@ export default class AutofillService implements AutofillServiceInterface {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
const lowerValue = value.toLowerCase();
|
const lowerValue = value.toLowerCase();
|
||||||
|
if (lowerValue.indexOf('onetimepassword') >= 0 {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
if (lowerValue.indexOf('password') < 0) {
|
if (lowerValue.indexOf('password') < 0) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user