Open michalrus opened 1 year ago
erayd
commented
1 year ago @maximbaz What do you think?
My opinion is that this is way out of scope... i.e. that we shouldn't be building an interface to handle such an extreme departure from the norm of filling one and only one field per value. If we were to automate this, it would also risk leaking parts of the secret into fields they should not be entered into.
maximbaz
commented
1 year ago I also feel like it's very special and unique interface, where I just don't know a good way to support it without risking of either leaking credentials or breaking input on other websites...
michalrus
commented
1 year ago Sure, that sounds reasonable, thank you!
It’s rather uncool that bank users cannot turn this option off. I already filed a complaint, we’ll see, but changing anything in banks is very hard.
I remember KeePass 2.x used to have {PICKCHARS}, e.g.:
… but I think they emulated actual keypresses in OS
Some services (I think I've only seen that in Polish banks) require you to input only selected letters from the password, e.g.:
General information
$ browserpass --version):Browserpass host app version: 3.0.10$ git describe --always): n/a, butnix-repl> browserpass.src.url = "https://github.com/browserpass/browserpass-native/archive/3.0.10.tar.gz"Exact steps to reproduce the problem
What should happen?
I would imagine, in ideal world
browserpass-extensioncould ask me which characters I want to input, and then input them, one per each<input type="password">.What happened instead?
Only the first letter is filled in.