Autofill bugs - list of sites that don't work.

[FoxP]

This issue is a

bug report

Please describe the current behavior, and explain why it's bad.

Some websites like this one need fake keyboard key press for login.

Exemple :

If i use Tusk, the website complains that the login should contain 13 chars. If i manually add a char and delete it from the login input area, it works.

Please describe how you think it should change.

Tusk should add a "simulate keyboard key press" setting.

Anything else?

Thanks for Tusk, it rocks ! :+1:

[zmilonas]

Hi @FoxP thanks for using Tusk and praising it.

@subdavis may be more knowledgeable on this issue but autofill already sends multiple keyboard events to mock some validations.

In the background/inject.js file:

        function fillField(field, val) {
        field.value = val;
        var filled = (field.value === val);
        sendKeyEvent(field);
        return filled;
    }

    function sendKeyEvent(field) {
        field.focus();

        var eventsToFire = {
            keydown: 'KeyboardEvent',
            keyup  : 'KeyboardEvent',
            change : 'HTMLEvents',
        };

        window.setTimeout(function() {
            for (var i in eventsToFire) {
                var evt = document.createEvent(eventsToFire[i]);
                evt.initEvent(i, true, true);
                field.dispatchEvent(evt);
            }
        });
    }

Of course you're bug report is totally valid since these events as you discovered do not cover all possible websites. Probably @subdavis or I will look into how to improve this and make mega.co.nz and similar autofillable.

[FoxP]

Hi @zmilonas, thanks for your answer. I forgot to tell that i am using Google Chrome 67 on Windows 8.1 with uBlock Origin and Privacy Badger. Don't hesitate to ask for tests, I would be happy to help!

[FoxP]

Some examples websites also having autofill issues:

• https://gitlab.mattermost.com/login (password not filled at first Tusk run, only the second run works)
• https://discordapp.com/login (password not filled at first Tusk run, only the second run works)
• https://login.aliexpress.com/ (login / password never filled)
• https://www.dropbox.com/login (autofill works but when "sign in" is clicked, website asks "please enter your email")

[zmilonas]

My findings

• https://www.massdrop.com/#login (login / password never filled)
• https://www.netflix.com/login (validation errors)

[FoxP]

This one only has password filled, not login : https://my.pcloud.com/#page=login

[zmilonas]

For future reference I'm also going to link other autofill implementations from different extensions: https://github.com/browserpass/browserpass/blob/master/chrome/inject.js https://github.com/bitwarden/browser/blob/master/src/content/autofill.js

I'll try to start working on this autofill improvements this week

[fecchan]

I would like to add some other sites that don't work:

• https://www.patreon.com/login (login/password never filled, but it indicates as if it tries to type but nothing was being typed)
• Any FTP login popup on latest Chrome (login/password never filled, example https://manga.madokami.al/)
• https://mega.nz or native Chrome extension (login/password never filled)
• https://myanimelist.net (login filled but not password)

I'll report more as soon as I remember more of the sites that don't work.

[dygordon]

Another two for me, common banking/investing apps in Canada:

• https://authentication.td.com/uap-ui/index.html?consumer=easyweb&locale=en_CA#/index (username/card # fills, password does not)
• https://login.questrade.com/Signin.aspx (username fills, password does not)

Adding some more:

• https://www1.royalbank.com/cgi-bin/rbaccess/rbcgi3m01?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH (username fills, password does not)
• https://app.mailgun.com/sessions/new (username fills, password does not)

[zmilonas]

We have an excellent suggestion from @fmunch on what exactly breaks the autofill in some of the sites:

The problem comes from the hidden inputs sitting between the username and password fields in the form, making them not adjacent.

The inputPattern in inject.js does not seem to be used anymore since 4d856b1, hence the hidden inputs not being filtered.

Per #245

[zmilonas]

Also seems like 4d856b1 introduced a regression. We definitely need to work on better testing especially in autofill territory. @subdavis

[FoxP]

Another autofill bugged website :

https://www.airbnb.fr/

[jcklie]

https://habitica.com/login also does not work.