Request for Site-Improvements in v2.1.0

[Phloks]

Hi, at frist thank you for your enhanced chromeIPass!

But there are still some sites which not working with chromeIPass.

On these sites, with popup logins, it helps to choose own credential fields for the login, but chromeIPass detects them not per default.

• https://www.mywot.com/
• https://www.share-online.biz

On these sites doesn't help anything, Fill-In via context menu or choose own credential fields doesn't work:

• https://mega.co.nz/#login
• https://www.virustotal.com/
• https://forums.geforce.com/ (EDIT: Sorry, context menu works.)
• https://www.zoho.com/mail/login.html
• https://desktop.glidesociety.com/ui/desktop.aspx (Flash-Login, maybe useless)
• http://wallbase.cc/home

It would be great if you can fix these sites. :)

And why have you removed the refresh function for password? I found this very useful. Or it just doesn't work for me? Isn't important just a litte bit confusing: Why is the update notification synced with Ispcity/keepasshttp although there is above a link to pfn/keepasshttp?

[lsgd]

Hi Phloks, thank you for your help and feature requests.

1) automatically detect fields chromeIPass does only auto-detect credential fields if they are visible at the page directly after the page finished loading. Hidden fields and new created fields (e.g. loaded with ajax) aren't detected automatically. But you can press Ctrl + Shift + U / P or the context menu to redetect the credential fields as you already discovered. I will add a button on the popup if no credentials were detected to trigger this event also with a button.

2) doesn't work on listed pages Thank you for your testing! I tested it also on several pages, but could not find an error. With your sites I found the problematic sourcecode and will fix it for the next version. Logins on flash aren't supported because chromeIPass is based on JavaScript and only works on the Document Object Model (DOM).

3) refresh function for passwords What do you exactly mean? ^^ I'm unaware of removing a feature.

4) update function Thank you. I thought that I replaced all my repositories with the reps of pfn. Seems that I didn't do a search & replace :-/ Now I have access to the reps of pfn and currently I'm merging everything back to the original repo.

[Phloks]

With refresh function for passwords I mean the case when this message appear:

I have also checked the checkbox from keepasshttp 'Always allow updating entries', but the message doesn't appear.

Probably the problem is my configuration and it works for others. I've also recognized that the update from ChromeIPass 1.5.4 to 2.1.0 damage all connections to databases, only a reinstall solve it. Hopefully this won't happen on further updates.

[lsgd]

a) The next version is ready (but not released till now), which fixes redetecting credential fields like for mega, wallbase, geforce-forum and co.

Some pages aren't in a valid html format, they use the identifier of one of the credential fields more than once in the document. But an identifier has to be unique. Because there could be side effects I cannot simply rename the identifier and for speed it is better to use the ID for traversing with JQuery in the document. Virustotal is one of those pages: They use the id="username" more than once and therefor only the password field can be filled-in.

For zoho.com: They use an frame to show the credentials form. The credentials in KeePass have to have the domain "https://accounts.zoho.com/". Then it will at least work with the next version ;-) (didn't check it with the current one)

b) Refresh-Function This should appear when you enter new credentials or if you change existing credentials and submit the form. "Always allow updating entries" does only by-pass the baloon-tip and request for access. The remember-dialog also only appears if the password-field isn't cleared by some JavaScript of the page before submitting it (like hash it before sending it and save it in a hidden field)

I've checked the refresh-version on several sites and couldn't find an error. I will release the next version today, but I'm waiting for your response. Maybe you have some new information about the remember-dialog.

Thank you.

[Phloks]

Used Versions: chromeIPass Version:2.2.1 (Webstore) KeePassHttp Version:1.1.4.0

I've tested the refresh-function by change the autofilled credentials on login sites in chrome, try log-in and usually the chromeIPass dialog appears, but unfortunately I've tried this on sites which the function doesn't work:

• https://www.tumblr.com/login
• http://adtunes.com/forums/login.php?do=login
• https://www.myspace.com/auth/form
• http://crossrider.com/login
• http://world1.freewar.com/freewar/
• https://soundcloud.com/
• http://en.netlog.com/

While testing, sometimes the chromeIPass refresh dialog don't react and only a restart helped. I also found more sites who choose-own-credential-fields doesn't work, maybe it helps to improve the detect-script:

• http://watched.li/user/index
• http://uploaded.net/#login
• https://www.myspace.com/
• http://forums.mydigitallife.info/forum.php
• http://twitch.tv/
• http://www.codeweavers.com/
• http://www.insanelymac.com/forum/index.php

Isn't important just a litte bit weird: Why is ChromeIPass alwasy receiving credentials for the active tab and not like in previous versions for new loaded websites?

[lsgd]

First: Thank you for your feedback!

1) Refresh-function: I'm going to check this in the next days.

2) Choose-own-credential-fields: I've checked this and fixed the bugs, it will be available in the next version (should be released in the mid of this week)

3) Receiving credentials for the active tab: It's for security reasons. chromeIPass removes the cached credentials for every site on switching tabs. If it's annoying because of the tray-notification you can disable this notification in KeePassHttp Options. (please see the new readme on https://github.com/pfn/keepasshttp/ for further information of KeePassHttp Options)

[lsgd]

Okay, I checked the pages which have problems with the remember-dialog.

The remember-dialog function has 3 known limitations:

1. if the password field is cleared before submitting the form (e.g. by other JS-code) it cannot catch the password --> remember-dialog isn't shown
2. chromeIPass registers an event for submitting the form, if another event stops firing submit-events before the chromeIPass-event has been fired it cannot catch the password too.
3. The window needs an address-bar and the chromeIPass-button has to been visible, otherwise the extension is not (correctly) loaded and does not work.

For most of the given sites (tumblr, crossrider, ...) the second limitation is the problem. The third one for example is the problem on soundcloud.

I wish to overcome at least the second limitation, but till now I didn't find a solution / workaround for this.

---

I uploaded the latest version and Perry will release it hopefully in the next 24 hours on Google WebStore. Than at least the other problems will be solved :-/