Report websites where Browserpass doesn't work

[maximbaz]

Please use this thread to report websites where Browserpass doesn't fully work, e.g. Browserpass is unable to fill username or password, or fills wrong form, or autosubmit doesn't work.

I'm not promising to support every single website, but I will investigate every example and if possible improve the detection logic.

I will not however add special cases for certain websites, I don't want Browserpass become a collection of broken websites on the Internet 🙂

[maximbaz]

@532910 I have found an answer for that particular case: Firefox is blocking extensions from injecting any scripts on their domains:

https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_scripts

Note that content scripts are blocked on the following domains:

accounts-static.cdn.mozilla.net
accounts.firefox.com               <----------
addons.cdn.mozilla.net
addons.mozilla.org
api.accounts.firefox.com
content.cdn.mozilla.net
content.cdn.mozilla.net
discovery.addons.mozilla.org
input.mozilla.org
install.mozilla.org
oauth.accounts.firefox.com
profile.accounts.firefox.com
support.mozilla.org
sync.services.mozilla.com
testpilot.firefox.com

Seems like we can't fix that particular use-case 😞

However, if you can reproduce this issue on other websites (like aliexpress.com), I would still be interested if you could play with the value of MAX_WAIT. You don't need to install any tools on your computer, here's what you need to do:

1. Download browserpass-firefox-3.1.1.zip from Github releases
2. Unarchive somewhere on your computer
3. In Firefox, go to about:debugging#addons
4. Click "Load temporary addon" and select manifest.json from the unpacked folder
5. Then in background.dist.js, find MAX_WAIT and change its value to 1500, 2000, etc.
6. After every change, save file, in about:debugging#addons click on "Reload" button next to Browserpass, then perform your test

[savyajha]

On the first glance I don't see an obvious place where the issue might be, let's double check some details:

* Is this the login page you use? https://www.sbicard.com/creditcards/app/user/login

* Do you have autoSubmit enabled?

* What happens if Browserpass fills the form, but you manually press "Login" button?

Yes, that is the login page that I use. I don't use auto-submit. I press enter manually after filling. Also, sorry for the late reply.

[maximbaz]

I can't find anything wrong with sbicard.com, but it's difficult to be sure because I don't have a real account to test successful login flow, I try with fake credentials and receive "bad credentials".

Is it possible that your password entry for sbicard.com contains a typo, that it differs from what you are typing manually?

If that's not the case, sadly I'm not able to proceed on this particular example 😞

[erayd]

@maximbaz I took a look at it, and it seems there are event handlers attached to the password field which might be messing with the entered value when typed, but not when pasted or filled through the DOM (which is what we are doing).

@savyajha Does that page work correctly if you paste the username and password (instead of having browserpass fill them), and then press enter to submit?

[532910]

Firefox is blocking extensions from injecting any scripts on their domains

Is it hardcoded into Firefox? If so you should also hardcode the list of mozilla domains and show explanation, instead of the error.

I can reproduce this issue on aliexpress.com and MAX_WAIT will not help. As sometimes aliexpress never ends to load the page and show loading progress permanently. It may be related to my ABP or third party cookies blocking, I don't know.

You don't need to install any tools on your computer, here's what you need to do:

Maxim, thank you for clear explanation!

[savyajha]

@erayd It works perfectly if I copy from the terminal using gopass. However, if I use the browser extension to copy the password it doesn't work.

Edit: So the interesting thing is that if I hit the key icon in front of any login entry in browserpass, it doesn't copy it. If I hit the username button, it doesn't copy it either. The contents of my clipboard do not change if I hit "copy password" or "copy username" in browserpass. I don't know if this is a known bug or if I've hit upon previously unknown weird behaviour, but there you have it.

[erayd]

@savyajha That sounds like unknown weird behavior.

Which browser (and which version of that browser) are you using?

Which version of Browserpass (both extension and native host app) are you using?

Which OS are you using?

[savyajha]

@erayd I'm using Firefox 67.0.4 on OSX. I'm using v3.1.1 of the Browserpass extension and v3.0.6 of the native host as downloaded and installed using Homebrew.

[eknoes]

Doesnt work on vBulletin Board: https://community.contao.org/en/

[maximbaz]

Thanks for the report! I've checked and it doesn't work because the site is doing something weird, they hid the password field and placed a text-field on top of it, this login form is designed against good practices and we don't try to fill out hidden fields or random text fields with passwords for security reasons.

If you feel strongly about it, I recommend you to contact developers and ask them to improve their HTML markup, maybe there's a chance they would fix it.

[eknoes]

Thanks for taking a look, I'll do that!

[532910]

Just for the note: aliexpress works significant better now.

[r7l]

https://signin.rockstargames.com does not work. It fills out the password but not the email field.

[maximbaz]

@r7l thanks for this example, it was a really difficult one but I managed to fix it in #171 🙂

[r7l]

Thanks allot!

[jeLee6gi]

Neither field is getting filled on https://epicgames.com/id/login

[maximbaz]

Thanks for the report 👍 So far can't crack this one, it seems they have custom javascript events that clear the field after Browserpass types in credentials 😕 Will keep this in mind in case a bright idea visits me on how to approach this.

[maximbaz]

@jeLee6gi: @erayd has fixed this, it is part of 3.4.0 release 😉

[meskes]

I received word that https://meine.santander.de/login/#/login/ does not work.

[maximbaz]

Thanks! This one will probably stay unsupported, the website shoots itself in the foot with their javascript logic...

Even if I make some compromises I can get Browserpass to fill the form, but the login button stays disabled (because their javascript code considers the form to be empty), and then the only option for a user is to click in the password field, which clears the field anyway.

[jeLee6gi]

@jeLee6gi: @erayd has fixed this, it is part of 3.4.0 release

Thank you @erayd and @maximbaz, that was super fast and it works like a charm

[532910]

Doesn't work on https://login.aliexpress.com more: Error: Error: No fillable forms available for fields: login, secret

(The page is completely loaded.)

[maximbaz]

@532910 this page has a login form in iframe in another domain (passport.aliexpress.com), and the error you see basically means Browserpass asked you if you allow it to fill the form in an iframe and you said "no".

We plan to implement a UI to allow users to change their mind, but it has been a very low priority so far. For now, go to Browserpass options and click "Clear usage data" button, and then try to login again :)

[532910]

Thank you for explanation. Works fine now!

[532910]

https://grabr.io/en/: the form is filled, but not submitted automatically.

[erayd]

@maximbaz This looks like a failure of the "use the debugger to press enter" logic.

1. Form fill is handled correctly (works)
2. Cannot unambiguously determine the login button, so don't autosubmit that way (works)
3. Focus the password field (works)
4. Attach the debugger and press enter (doesn't work)

There is an error emitted after the keypress code is completed: "Detached while handling command". Not detaching the debugger resolves this (albeit not in a production-suitable manner), but the form still isn't submitted correctly. I'm not particularly familiar with the chrome.debugging API - are you able to take a look at this?

[erayd]

@maximbaz Issue with https://www.barnesandnoble.com/ - it fills correctly, but throws an error when (manually) submitted. However, this error is only present when Browserpass has filled the form; it's fine otherwise. I've not tested with autosubmit.

[532910]

https://www.inf-it.com/infcloud/ the form is filled, but not submitted automatically

[erayd]

@532910

https://www.inf-it.com/infcloud/ the form is filled, but not submitted automatically

I have tested this and cannot reproduce it. When autosubmit is enabled, the form is submitted automatically, and seems to be behaving entirely correctly. Could you please provide instructions to reproduce the failure?

[532910]

Just tested on the clean profile, and it still doesn't work. Yes, autosubmit is enabled. (I've checked it on another site.) It just fills the form and doesn't submit it.

% pass inf-it.com
test
user: test@inf-it.com

Browserpass 3.4.1, Firefox 70.0 (64-bit), Debian sid

[maximbaz]

inf-it.com is an example where autosubmit works only in Chromium (thanks to debugger permission). I'll look into the other cases now, thanks for submitting so many 😉

To give you some details, when a website uses a weird markup and we are unable to identify the login button, we put focus somewhere inside the form (so that you can just press Enter), but in Chromium thanks to debugger permission we are actually able to press Enter for you, that's how it works.

[532910]

BTW, can (or will) Firefox Lockwise help with integration or it's just another internal password manager that can't be extended?

[erayd]

@532910 It's just another password manager - as far as I can see, there is no API component that would allow us to use it for managing form fills / submits.

[maximbaz]

grabr.io/en: the form is filled, but not submitted automatically.

@532910 fixed in #188 but only in Chromium, it's again the same story, their login button isn't properly marked as a button that will submit form, so we put the focus inside the form, and in Chromium we are able to issue Enter keypress, but not in Firefox.

@maximbaz Issue with barnesandnoble.com - it fills correctly, but throws an error when (manually) submitted. However, this error is only present when Browserpass has filled the form; it's fine otherwise.

@erayd I can't reproduce, I've created an account, in Chromium in incognito I open this page, click "Sign in", press Ctrl+F and Enter and I get logged in...

[erayd]

@maximbaz I've tracked down the cause.

I have a 16 character password. The password field on B&N has maxlength="15" on it, which means that typed passwords are truncated. However, Browserpass sets the value directly, and doesn't truncate - hence the error.

Do you mind if I open a PR that will truncate filled passwords if maxlength is present?

[maximbaz]

Wow, interesting, please go ahead, I think it's something we must have in the code :)

[erayd]

@maximbaz #189 :-)

[DamienCassou]

On liberapay, the password is correctly filled-in but not the username.

[maximbaz]

Thanks, good one, fixed in https://github.com/browserpass/browserpass-extension/commit/c92beaf387e39266f79716328314388e47104f03

[DamienCassou]

Maxim Baz notifications@github.com writes:

Thanks, good one, fixed in https://github.com/browserpass/browserpass-extension/commit/c92beaf387e39266f79716328314388e47104f03

Thank you

-- Damien Cassou

"Success is the ability to go from one failure to another without losing enthusiasm." --Winston Churchill

[tomclark]

Hi,

I was going to raise a feature request to ask if it'd be possible to add a context menu option so that when you right-click a form field, you can tell Browserpass what to enter in that field. It seems like that might help with this issue where sites don't correctly mark up their pages and Browserpass doesn't know what to do.

The login page for the Home Assistant control panel is guilty of this and Browserpass doesn't know which fields to fill, giving the error:

Error: Error: No fillable forms available for fields: login, secret

The Blur plugin does the kind of thing I mean, where you right-click a field and the choose what to enter in that field (I have no accounts on this page because obviously I don't use Blur for passwords):

Would that be possible? i.e. add a Browserpass option in the browser's context menu and allow you to choose which pass field to enter?

I'm using SRWare Iron 75 on macOS Catalina, FWIW, but I guess it could be made to work for all Chrome-based browsers. Apologies if this has been addressed before. I searched for "right-click" and "context" but couldn't find anything obvious.

[532910]

1. A separate issue should be opened.
2. The continuation:

   can tell Browserpass what to enter in that field and remember the decision to fill it automatically next time

[maximbaz]

Thanks for the suggestion, will track in #195

[akskap]

on onlinesbi, username is not filled in correctly but password is

[zchlm]

Soundcloud - iframe popup is dismissed on password entry

[RalfJung]

Browserpass does not seem to work on old reddit: when I want to log in via https://old.reddit.com/r/uBlockOrigin/, it is unable to fill in my reddit credentials.

EDIT: That is when clicking the "log in" button in the top right to open the popup. I later realized it actually filled in another set of login fields in the rightmost column, which I did not even realize existed. Not sure how browserpass usually deals with websites that have multiple fields, I deliberately put the focus into the password field I wanted it to fill but that did not help.

[maximbaz]

Haven't visited this issue for a while, thanks for your reports guys!

---

onlinesbi.com - interesting edge case, fixed

---

Soundcloud is an interesting example, it doesn't fill anything because the form is inside an iframe, on a different origin, and with allow-modals disabled it prevents Browserpass from asking a user to confirm whether it is okay to submit this form or not. @erayd any ideas if we can do anything about it?

---

Old reddit - we don't follow the cursor position when deciding which form to fill, there is a different logic in place. Given that on reddit both forms are valid and browserpass technically picked a valid login form, I tend to avoid doing anything else in this case 😅

[RalfJung]

Old reddit - we don't follow the cursor position when deciding which form to fill, there is a different logic in place. Given that on reddit both forms are valid and browserpass technically picked a valid login form, I tend to avoid doing anything else in this case

The form it picked is kind of hard to see at that point, because it is shaded out. But your call, I'll not use the popup any more now that I discovered the existence of that other login form.^^

[532910]

https://www.itead.cc/

[532910]

https://www.ozon.ru/

I've added it and removed later as it doesn't requires password for login, though username (e-mail/phone) is filled wrong (username is put into the search field.)