Brave-browser: Login autofill popup appears unexpectedly in odd location upon page load

Created on 18 Oct 2018  路  10Comments  路  Source: brave/brave-browser

Description

When you visit a site for which you've saved a login while you're not logged in, the login autofill popup appears unexpectedly in a weird location near the top left corner of the window. Interacting with the window in any way causes the popup to disappear, and clicking the popup itself has no effect.

If you then focus one of the input fields in the site's login form, the login autofill popup appears in the correct location (underneath the input field), and works as expected.

Steps to Reproduce

  1. Log in to any website and save the password when prompted.
  2. Log out of the website.
  3. Reload the page while logged out.

Actual result:

A login autofill popup appears in a weird location upon reloading the page, e.g.

screen shot 2018-10-18 at 11 17 37 am
screen shot 2018-10-18 at 11 27 20 am

Expected result:

The login autofill popup should only appear on a logged out site after an input field on the login form is focused. It should appear in the correct location and function as expected when it is clicked.

Reproduces how often:

Easily reproduced.

Brave version (brave://version info)

Version 0.55.18 Chromium: 70.0.3538.67 (Official Build) (64-bit)

First noticed this issue while dogfooding the RC3 build.

Reproducible on current release:

  • Does it reproduce on brave-browser dev/beta builds?
  • Does it reproduce on browser-laptop?

Website problems only:

  • Does the issue resolve itself when disabling Brave Shields?
  • Is the issue reproducible on the latest version of Chrome?

Additional Information

QA Pass-Linux QA Pass-Win64 QA Pass-macOS QTest-Plan-Specified QYes bug featurautofill featurpassword-manager featuruser-interface prioritP4 release-noteinclude
Source
picture garrettr
👍4

Most helpful comment

The auto fill popup is very annoying. Yes the popup is showing up on the top left just like garrettr mentioned. There are times that I don't want to login to a website that I have a username and password saved. Please, please remove this popup or provide a setting to disable it.

Suggestion: Use the same username and password auto fill that both chrome and vivaldi uses.

picture bsd-source on 21 Nov 2018
👍3

All 10 comments

@darkdh does this hold good here as well ?

srirambv picture srirambv on 18 Oct 2018

yes @srirambv, this is intentional for the effect of kFillOnAccountSelect so that you know there is a login form that isn't in the viewport right now.
If we don't enable this, the form will be filled automatically upon page load even it is not visible to user

darkdh picture darkdh on 18 Oct 2018

@darkdh On the twitter example why aren't the credentials populated on the top right?

rebron picture rebron on 19 Oct 2018

because there is an invisible form in this page, so it prompt user for that first.
And if you click the username/password entry, you can see the form is actually filled
passwordautofill

darkdh picture darkdh on 22 Oct 2018

The auto fill popup is very annoying. Yes the popup is showing up on the top left just like garrettr mentioned. There are times that I don't want to login to a website that I have a username and password saved. Please, please remove this popup or provide a setting to disable it.

Suggestion: Use the same username and password auto fill that both chrome and vivaldi uses.

bsd-source picture bsd-source on 21 Nov 2018
👍3

The goal is to prevent https://senglehardt.com/demo/no_boundaries/loginmanager/index.html
And it can be turned off by disabling
chrome://flags/#fill-on-account-select
then username and password will autofilled when page load (including hidden forms that users can't see)

darkdh picture darkdh on 28 Nov 2018
👍2

See here.. this feature is FUBAR'red. Call it an anti-feature, because that's what it is. IMHO, you need to take it back to the drawing board and figure out just exactly WHAT you're trying to accomplish and why, because the end result is that your end users think that it's a corny glitch that you'll iron out in the next patch.

Seriously. Anti-feature. The cart is in front of the horse.

In the mean time, apparently I'm the first end user to actually post the issue in the correct community forum, where it belongs. I would deeply appreciate someone knowledgeable going over there and posting a clear and concise response, to benefit myself as well as the rest of the community. It wouldn't hurt to send someone over to reddit to clarify things over there as well.
https://community.brave.com/t/mysterious-password-pop-up/47408/8

For all intents, you can consider this me reporting a bug, except my report is in the forum, complete with a screenshot of THE Brave forum showing said glitch.. bug. ;)

crogonint picture crogonint on 9 Mar 2019

I'm getting this randomly half way down a page on a site I'm already logged in on. Pressing escape doesn't clear it, I have to make a selection to make it disappear

MacOS Mojave 10.14.3
Brave Version 0.60.48 Chromium: 72.0.3626.121 (Official Build) (64-bit)

andy-laravel picture andy-laravel on 10 Mar 2019
👍1

Yeah, I鈥檓 calling B.S. on the original issue.

1) As I mentioned in my first reply, a third party script can't authenticate and can鈥檛 pull up the login info without permission.

2) The login info does not necessarily include an email address in the first place.

3) If this was a real issue, years old, U.S. Cert would have issued a warning. Show me a U.S. Cert tracking number, or else this is a NON-ISSUE.

Finally, I believe that by posting everyone's passwords in the SAME FIELD, you are providing a PRIME spot for someone to inject using a third party add-on, script or hack and steal the passwords from THERE.

It is COUNTER-INTUITIVE to post peoples passwords in a pop-up, when your goal is to keep the login info secure!! Kindly point me to the person who thought that that was a good idea so that I can set them straight. I have serious questions as to what the true intention is.

crogonint picture crogonint on 11 Mar 2019

Verified passed with

Brave | 0.64.60 Chromium: 74.0.3729.91聽(Official Build)聽beta(64-bit)
-- | --
Revision | 03844ed83e02b8add3f4b9cb859a7108d55b2e4d-refs/branch-heads/3729@{#860}
OS | Mac OS X

Verification passed on

Brave | 0.64.60 Chromium: 74.0.3729.91聽(Official Build)聽beta聽(64-bit)
-- | --
Revision | 03844ed83e02b8add3f4b9cb859a7108d55b2e4d-refs/branch-heads/3729@{#860}
OS | Windows聽10 OS Build 17134.523

Used test plan from https://github.com/brave/brave-core/pull/2003 also checked gmail.

Verification passed on

Brave | 0.64.62 Chromium: 74.0.3729.108 (Official Build) beta (64-bit)
-- | --
Revision | daaff52abef89988bf2a26091062160b1482b108-refs/branch-heads/3729@{#901}
OS | Linux

LaurenWags picture LaurenWags on 24 Apr 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

bsclifton picture bsclifton  路  3Comments
GeetaSarvadnya picture GeetaSarvadnya  路  3Comments
fmarier picture fmarier  路  3Comments
AlexeyBarabash picture AlexeyBarabash  路  3Comments
bbondy picture bbondy  路  3Comments