ElkArte Community

Elk Development => Bug Reports => Exterminated Bugs => Topic started by: AaronB on June 21, 2014, 03:10:29 pm

Title: Registering New Member auto fills Admin data
Post by: AaronB on June 21, 2014, 03:10:29 pm
Logged in as Admin, site is in Maintenance Mode.

Go to do an Admin registration for a new member and some of the Admin data is auto filled. See attachment.

Title: Re: Registering New Member auto fills Admin data
Post by: Spuds on June 21, 2014, 03:45:38 pm
Have to look but first guess is that we are missing a couple of autocomplete="off" statements in that form.
Title: Re: Registering New Member auto fills Admin data
Post by: phantom on June 21, 2014, 03:47:27 pm
Latest Chrome doesn't respect autocomplete="off" anyway.. :|
Title: Re: Registering New Member auto fills Admin data
Post by: Spuds on June 21, 2014, 04:15:42 pm
Arg ... and I see IE11 will ignore it on password fields as well, preferring to use its internal smarts.  

I'll add it to the form as a start which will help with some browsers.  Past that, don't know, randomize the input name or some JS to try and prevent it.
Title: Re: Registering New Member auto fills Admin data
Post by: emanuele on June 21, 2014, 04:32:55 pm
Yep, I read the same about Chrome and Safari: they are going to ignore autocomplete=off[1]I'd guess some javascript to cleanup the forms that need to be empty on $(document).ready.
that TBH is a very good thing, I want to decide if save or not the data, non of your business, yes it could be used properly, but it has been used in stupid ways. :P
Title: Re: Registering New Member auto fills Admin data
Post by: Spuds on June 21, 2014, 05:25:30 pm
Here is an attempt: https://github.com/Spuds/Elkarte/commit/1beca50f0b2f90da27a70992d997453930a20256

We already had some JS to add "autocomplete off"  in profile.js

I've moved that to script_elk.js since we may need it in a few more places.  I also updated it to use JQuery.  In addition to adding the autocomplete=off I added in a .val('') to empty anything it may have been added.  No idea if that will work or not or if its even a good idea.  At least its a central function to work on/with for this issue.
Title: Re: Registering New Member auto fills Admin data
Post by: emanuele on June 21, 2014, 11:36:40 pm
Chrome is still loading the data... apparently they are added (by chrome), removed (by Elk), and then added again. >_<

I tried with a timed out call like that:
Code: [Select]
/**
 * Attempt to prevent browsers from auto completing fields when viewing/editing other members profiles
 * or when register new member
 */
function disableAutoComplete()
{
if (document.addEventListener)
document.addEventListener("DOMContentLoaded", delay_disableAutoCompleteNow, false);
}

function delay_disableAutoCompleteNow()
{
setTimeout(function() {disableAutoCompleteNow();}, 100);
}
/**
 * Once DOMContentLoaded is triggered, find text and password fields in the forms
 * turn autocomplete off and sempty the value.
 */
function disableAutoCompleteNow()
{
$("input[type=text]").attr("autocomplete", "off").val('');
$("input[type=email]").attr("autocomplete", "off").val('');
$("input[type=password]").attr("autocomplete", "off").val('');
}
it works, but is really a bit odd... :-\
Title: Re: Registering New Member auto fills Admin data
Post by: Spuds on June 22, 2014, 04:04:50 am
Well at least you found something that works.   I have not tried this: http://benjaminjshore.info/2014/05/chrome-auto-fill-honey-pot-hack.html but maybe that would work as well?

Only other thing that I can think of is the random name thing on the field like done in auto suggest (I think).
Title: Re: Registering New Member auto fills Admin data
Post by: emanuele on June 22, 2014, 10:03:35 am
Nice finding! :D
That looks rather neat.
Title: Re: Registering New Member auto fills Admin data
Post by: Joker™ on June 22, 2014, 01:47:35 pm
Hey @Spuds

Give this a try

Code: [Select]
$(document).ready(function(){
    $(‘:input’).on(‘focus’,function(){
        $(this).attr(‘autocomplete’, ‘off’);
    });
});
Title: Re: Registering New Member auto fills Admin data
Post by: emanuele on June 22, 2014, 01:58:27 pm
Nope, already tried, doesn't work.
Chrome re-adds the user and password even if you remove them on document.ready.
Title: Re: Registering New Member auto fills Admin data
Post by: Spuds on June 22, 2014, 02:31:23 pm
Funny how we get this nice new feature in html5 only to have the browsers know better :P

Could try it as a load event, that should occur after dom ready  ... so thats as late in the process as possible I think, may negate the need for the delay?  Have not had a chance to try the honeypot approach in that blog, so if someone has time to give that a shot, please do, I'm stilling fidgeting with the darn linktree !
Title: Re: Registering New Member auto fills Admin data
Post by: Joker™ on July 06, 2014, 04:46:10 pm
Nope, already tried, doesn't work.
Chrome re-adds the user and password even if you remove them on document.ready.
Forgot the basics of ready and onload :-X. Joker is getting old :D

Funny how we get this nice new feature in html5 only to have the browsers know better :P

Could try it as a load event, that should occur after dom ready  ... so thats as late in the process as possible I think, may negate the need for the delay?  Have not had a chance to try the honeypot approach in that blog, so if someone has time to give that a shot, please do, I'm stilling fidgeting with the darn linktree !
Yup, tried the honeypot thing and it worked well with latest chrome (35.0.1916.153) on mac. But being a JS fan I wrote another snippet and the autocomplete issue got fixed with that too. Which approach seems better?

Code: [Select]
window.onload = function() {
if (navigator.userAgent.toLowerCase().indexOf("chrome") >= 0) {
setTimeout(function() {
console.log("calling");
$(".input_text").val(" ").val("");
$(".input_password").val(" ").val("");
}, 1);
}
};
Title: Re: Registering New Member auto fills Admin data
Post by: Spuds on July 07, 2014, 12:13:32 am
Coolness ...

The honeypot is good for some cases, when you add it anything below that point will not autofill so its not very selective or you have to arrange your form just right.  On the plus side it will work with JS off, so for some that could be a plus.

We should really just add that timeout function for all browsers, its not going to hurt anything and allows us to call it as needed for more specific targeting.
Title: Re: Registering New Member auto fills Admin data
Post by: emanuele on July 07, 2014, 09:22:22 am
/me likes
Title: Re: Registering New Member auto fills Admin data
Post by: Joker™ on July 13, 2014, 11:47:06 am
Coolness ...

The honeypot is good for some cases, when you add it anything below that point will not autofill so its not very selective or you have to arrange your form just right.  On the plus side it will work with JS off, so for some that could be a plus.
+1

We should really just add that timeout function for all browsers, its not going to hurt anything and allows us to call it as needed for more specific targeting.
Ohh, yup thats sound nice. Actually I was having some fun with chrome, as a result the checked slipped in.

So I think we should move forward with honeypot approach and keep the JS approach as a back up, thoughts?
Title: Re: Registering New Member auto fills Admin data
Post by: Spuds on July 13, 2014, 01:52:24 pm
Agreed ... I think thats what we have in the repo now as well (its all a blur :D).   The hidden field is named autofill_honey_pot in hopes that when someones finds it they don't think we are nuts for to long.
Title: Re: Registering New Member auto fills Admin data
Post by: Joker™ on July 20, 2014, 04:30:54 pm
Agreed ... I think thats what we have in the repo now as well (its all a blur :D).   The hidden field is named autofill_honey_pot in hopes that when someones finds it they don't think we are nuts for to long.
There is a website (http://www.naukri.com/) which I use to find jobs, while surfing it I saw that it easily bypasses the chrome autofill thinggy. I haven't seen any sort of hack on it so far, but I'm trying to debug it out.
Title: Re: Registering New Member auto fills Admin data
Post by: kode54 on October 28, 2017, 06:49:09 am
Recalling this, since it still seems to be a thing with Safari on macOS. It just delay fills the form regardless of what I do. It's especially annoying on user profile edits, where it fills out the user's email address field with my user name.