Open gabrielfin opened 8 months ago
Hi there,
Thank you for your report!
I have flagged this to our engineering team.
If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.
Thanks once again!
With version 2024.2.0 I'm unable to replicate the bug
It keeps happening for me in version 2024.2.0
I think a browser restart is required after step 1. And it might only happen in Firefox. I could not replicate it in Chromium.
This is probably broken in general, see https://github.com/bitwarden/clients/issues/11507
Wanna chime in here and first say that I think this topic is a good one to discuss and a concern that the autofill feature needs to improve upon.
I think the answer to this "bug" is more complex than just simply "disallowing" autofill on fields that contain autocomplete="new-password"
. In an ideal world, it would 100% make sense for us to guard against inserting the password into form fields that contain that attribute.
Unfortunately, we don't live in an ideal world and we can easily find examples out in the wild where the autocomplete attribute is misused in either a intentional or non-intentional manner.
Take for example the form on https://account.humana.com/. The password field contains an autocomplete="new-password"
attribute, which would not be able to be filled if we guarded against filling of this attribute.
I'm willing to bet most technical users are going to be quick to state that "they didn't follow the spec, the website needs to correct itself." I absolutely agree with that sentiment, as I'm also a technical user.
The vast majority of users are going to say "Bitwarden didn't autofill my password into this login form, so Bitwarden must be broken". They wouldn't be wrong about that either.
So yeah, the sentiment above is not to say we won't fix this issue or look for a better way to represent the autocomplete spec. However, there are complications with trying to find a solution that makes sense from an end user perspective.
For now, please just know that the team is not ignoring this concern and has in fact been spending time thinking about better approaches to qualifying form fields for autofill. We'll keep working on improvements and will come back to this thread when we have some better answers to this "bug".
Steps To Reproduce
Expected Result
The password field should not be auto-filled on page load, since it contains the attribute autocomplete="new-password"
This was a feature, see https://github.com/bitwarden/clients/pull/1400
Actual Result
The new password field is auto-filled
Screenshots or Videos
No response
Additional Context
This did not occur in previous versions (for example, I'm sure it didn't happen at least in 2023.7.1)
Operating System
Linux
Operating System Version
No response
Web Browser
Firefox
Browser Version
123.0
Build Version
2024.1.1
Issue Tracking Info