Open oficsu opened 1 year ago
Hmmmmm.... extremely dangerous, I disagree. Entry level auto type without confirmation is dangerous, which is why we added that prompt for confirmation. I do agree we should probably separate the functionality of that checkbox between global and entry level Auto-Type.
What is also dangerous is combining the enablement of the first two checkboxes for title and url matching with disablement of confirmation.
Entry level auto type without confirmation is dangerous
I think it's hard enough to perform Auto-Type with a shortcut or context menu accidentally, so... yes, that might be dangerous, but the confirmation dialog doesn't help you to see the mistake: neither information about the selected entry nor about the previously active window is in the dialog. That's the reason I've disabled the checkbox: it simply doesn't help me
Anyway, yes, I totally agree that the functionality of the checkbox should be separated
Overview
In short: disabling "Always ask before performing Auto-Type" combined with "Global Auto-Type sequence" is EXTREMELY DANGEROUS and causes filling of wrong credentials to login forms or an unintended leak of credentials to wrong places (e.g. google search/messengers/etc...)
Isn't this behavior expected from the checkbox name?
Absolutely not! I disable this option to prevent the appearance of a very annoying confirmation dialog when I use "Perform Auto-Type" per-entry (ctrl+shift+v). In this (completely unrelated) case, the behavior is expected and desired
But at the same time, I don't expect this option should somehow affect "Global Auto-Type shortcut" behavior, because it's... global and should always be followed by a dialog with a list of passwords/usernames
Steps to Reproduce
firefox
(or justf
);Expected Behavior
A dialog window with a list of usernames and passwords is appeared
Actual Behavior
An Auto-Type sequence is performed immediately. There is no way to select another username, password or specific Auto-Type sequence. Instead, credentials of the entry with the title
f
/firefox
are sent to the default search engine (e.g. google)The same behavior with any login field in the browser. Sometimes this also happens with the Firefox add-on and "Request Global Auto-Type" shortcut configured via the Firefox add-on manager
Context
KeePassXC - Version 2.7.4 Revision: 63b2394
Browser: Firefox 110.0 KeePassXC-Browser Version: 1.8.5.1
Operating System: Manjaro Linux CPU architecture: x86_64 Kernel: linux 6.1.12-1-MANJARO
KDE Plasma Version: 5.26.5 Windowing System: X11