Closed gregwhitworth closed 4 years ago
@gregwhitworth did you mean this in the third line of your example?
input[type=password]:not(:revealed)::reveal
Without having looked at the proposal in much detail yet, my first thought is that there are other, similar widgets that are often embedded in <input>
s, like an (x)
button that clears the input. Is it worth trying to think of a general mechanism for allowing authors to place these widgets inside an <input>
?
(Although I suppose a password revealing button does need access to some internals to actually do the password revealing, unlike the (x)
button.)
@heycam I'm fine with that - clear is something we've also considered and seen quite a bit of usage of -ms-clear
across the web. Something I've seen in the past (can't recall where though) was ::action
which would cover the individual input type interactions. For example one can imagine input type="search"
also having something similar. At any rate, bike shedding the names is fine. I'm not sure if the psuedo classes should follow the same generalized statement because not all of them you'll want to adjust in the same manner as password. But as I said, feel free to bikeshed.
@jonjohnjohnson yep - good catch, wouldn't want to show the same icon in each state. Fixed :)
The CSS Working Group just discussed Password reveal pseudo-element and pseudo-class
, and agreed to the following:
RESOLVED: input-security: auto|none in UI 4 and applies to input type=password only
Sorry for the delay on this, finally had a chance to sit down and parse it all out. If I understand this thread correctly, the request currently on me is to:
input-security
Is there anything else I'm missing? @litherum @fantasai @dbaron @AmeliaBR @bkardell @atanassov @frivoal @una @jensimmons @tantek @heycam @FremyCompany
Hello Greg. I have a few concerns I would like to share here. All of that comes from my experience as CTO of a company releasing a WebExtension containing a password manager. Disclaimer: I don't work there any more and my words represent my own opinion only.
The main issue with your proposal is the following one: as of today, "Show" buttons exposed on the Web in password fields are added through extra elements and these elements allow third-party tools - like password managers - to detect UI collisions with the UI thingies they want to add themselves to password fields. If we move to a pseudo-element added to <input type="password">
, that will be extremely difficult for password managers to continue doing so. Furthermore, styling dynamic changes on that Show button is going to be tricky since pseudo-elements are always last in a selector, after pseudo-classes.
In short:
<input>
fields could greatly benefit from added "internal buttons":revealed
and ::reveal
are nice but why should we limit this to one action only?:hover::reveal
is possible but ::reveal:hover
is notIn my opinion, the requirements here should be the following ones:
<input>
representing a text field, including <input type="search">
and its omnipresent clickable mag-glass button.type
attribute of the input field. On some web pages, it's even worse: the reveal button switches between two different elements, one <input type="password">
and another <input type="text">
...More about a potential proposal later.
Hi again. I gave myself a bit more time to confront the requirements above to the ecosystem, and in particular to the design of the 100 most visited web sites of the world and the main WebExtensions available. After careful review, I don't think that the original proposal above based on :revealed
and ::reveal
is a desirable solution. Let me explain:
display: block
or display: none
on the ::reveal
pseudo-element. That seems to me pretty hacky.So I think a better option is to completely change the point of view and simplify the proposed solution:
helpers
attribute to all <input>
elements being a text fieldhelpers
attribute should carry a coma-separated list of IDshelpers
attribute corresponds to an element in the document, that element is fully extracted from the normal flow of the document and rendered inside (we need to discuss what it precisely means) the text field, from the end edge of the field and in order of appearance inside the helpers
attribute.revealed
to <input type="password">
matching a new DOM boolean read-write revealed
attribute to let both JS and CSS deal with revealing the value of a password input field. After all, this will be a intrinsic behaviour of password fields, not a rendering thing only, so that deserves to be in the DOM.type
attribute of an input field from password
to text
...With the above, web sites and extensions implementing a Show button in password fields will be able to drop their existing hacky code easily; web sites and extensions adding extra UI elements to text fields will be able to do so in a way that does not collide with existing UI (and that's a VERY big plus), getting rid of usually hacky and very expensive code; extensions willing to "disable" the Show button will be able to do it; the solution works for mag-glass in search fields, powerful dropdown menus in combos, etc.
Looking forward to reading your opinions.
@therealglazou Thank you so much for the feedback Daniel. As I noted on LinkedIn, we've been digging more and more into controls/components and we probably won't go the way in which we originally proposed as we want to ensure that every usecase is possible; as you noted above. I'm intrigued at the helpers solution you describe, but I don't quite follow it. Mind sharing some psuedo code?
<head>
<meta charset="UTF-8">
<title>Input field helpers</title>
<script>
function ShowOrHide(aElement) {
const id = aElement.id;
// why don't we have a attribute selector for coma-separated lists?
const field = document.querySelector("[helpers='" + id + "']")
|| document.querySelector("[helpers^='" + id + ",']")
|| document.querySelector("[helpers$='," + id + "']")
|| document.querySelector("[helpers*='," + id + ",']");
if (field) {
field.revealed = !field.revealed;
aElement.src = field.revealed ? "hide.png" : "show.png";
}
}
</script>
</head>
<body>
<input helpers="showButton"
type="password">
<input id="showButton"
src="show.png"
onclick="ShowOrHide(this)"
type="image">
</body>
</html>
Daniel, I have the impression your design assumes this control won't be available by default on all inputs unless website authors really take care of adding it?
If that's the case, I would like that to be revised. I want my browser to have this reveal button by default, and it should work consistently on all websites (barred really good exceptions). I don't mind websites adding new behaviors to the fields, or disabling the default behavior if it doesn't suit them, but I don't want every website to have to be updated to continue to get the experience I have in Edge today.
@FremyCompany you must clearly not impose such a constraint to all web sites. Forcing a Show button on password fields can be a HUGE security issue in some high-security environments (defense, intelligence, etc.).
@therealglazou I don't buy that argument, if someone is in proximity to read your password then there are other issues. That said, they can simply hide it via the psuedo element. That said - as I noted above due to the constraints we're going to go back and revise this. I have an expectation that we'll still want to define an anatomy that has this in by default but it will be up to the UA if they want to expose it or not. That isn't a discussion for this WG however, I'll be closing this thread for now until I have an updated proposal.
Hey everyone,
We've posted an explainer on our public site regarding a proposal to add an optional psuedo element to the
<input type="password">
as well as a:revealed
psuedo class. The explainer delves into the user and web research we've done as well as telemetry we've added that support the addition of this element and class.The proposal is as follows (copied from the explainer for ease of discussion):
Proposal:
The goal of our below proposal is to enable two key aspects:
This proposal is to include this as part of CSS Selectors Level 4 with the addition of the following specification text:
The ::reveal pseudo-element
User agents may implement the reveal pseudo-element on inputs that have
type=password
. If the user agent does implement this pseudo-element the following rules must be followed:Toggling between revealed and obscured
Allowing for ease of author adjustment
Showing, hiding password reveal element, obscuring the password
Following events would show a password reveal element:
Following events would prevent password reveal element from appearing:
Following events would obscure password and hide a reveal element:
Password input has lost focus
This is important because even though the user may find value in being able to see their password, they may only desire for it to be visible for a short amount of time and doing this allows for keeping the password private even if the user forgets to invoke the
::reveal
psuedo-element. Additionally, when the browser itself loses focus the password is obscured as well.Supported styles
Only the following CSS properties can be applied:
The :revealed pseudo-class
User agents that implement the
::reveal
pseudo-element must also implement the:revealed
pseudo-class on the password input. When a user invokes the::reveal
pseudo-element the pseudo-class should be applied to the password element. This will allow authors to provide different styles when the password is either revealed or not.Example
Here is an example of an author that wants to show an eye image to reveal and a closed eye image to hide the password again.