Keepassxc-browser: False positive in input detection

Created on 21 Sep 2020  路  6Comments  路  Source: keepassxreboot/keepassxc-browser

Expected Behavior



KPXC buttons only appear on valid inputs.

Current Behavior



Sometimes invalid fields received a KPXC button.

Possible Solution



It would be nice to be able to exclude/ignore a certain input box maybe.

Steps to Reproduce (for bugs)


  1. The UI for Jaeger has an input that is incorrectly detected as a TOTP input.
    image

The input element looks suspicious, but nothing that indicates to me why it's detected as TOTP input.

<input class="ant-input" meta="[object Object]" placeholder="http.status_code=200 error=true" type="text" value="">

I don't know of a publicly accessible web UI for this sadly :(

Debug info

KeePassXC - Version 2.6.1
Revision: 9a35bba

Qt 5.15.0
Debugging mode is disabled.

Operating system: Windows 10 Version 2004
CPU architecture: x86_64
Kernel: winnt 10.0.19041

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • SSH Agent
  • KeeShare (signed and unsigned sharing)
  • YubiKey

Cryptographic libraries:
libgcrypt 1.8.5


KeePassXC - 2.6.1
KeePassXC-Browser - 1.7.1
Operating system: Win
Browser: Chromium (Edge)

bug
Source
picture oliversalzburg

All 6 comments

So this is because the placeholder of the input contains code. IMHO that is too lax.

oliversalzburg picture oliversalzburg on 21 Sep 2020
👍1

And then there's multiple sites that use code for the attribute values. We don't want to break the compatibility with them.

varjolintu picture varjolintu on 21 Sep 2020

Yes, that is totally understandable. It's tricky, because even looking for word boundaries before and after code would hit this false positive 馃 I sadly have no good suggestion either.

oliversalzburg picture oliversalzburg on 21 Sep 2020

For now I've enabled the calculation for one mutation only. But in this case there are 8 mutations, and allowing more than 3-5 would probably cause some problems. Many sites can trigger multiple calls to MutationObserver in a row, each containing more than one mutation.

varjolintu picture varjolintu on 21 Sep 2020

@varjolintu I'm not quite sure how that relates to this issue. What calculations are you referring to?

oliversalzburg picture oliversalzburg on 23 Sep 2020

@oliversalzburg Seems I replied to wrong issue! Sorry :D

varjolintu picture varjolintu on 23 Sep 2020
😄1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

maniqui picture maniqui  路  3Comments
whit-colm picture whit-colm  路  4Comments
christophetd picture christophetd  路  4Comments
muchqs picture muchqs  路  4Comments
compilenix picture compilenix  路  5Comments