rnhmjoj/qutebrowser
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

password_fill: Stop filling username to invisible input fields

Browse Source 
There is no reason to fill usernames into invisible input fields. We are
probably not leaking anything but it can break some apps (like TTRSS).
This commit is contained in:
Kepi 2017-09-01 01:30:50 +02:00
parent 79d3c49f26
commit 69ea2cf327
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
misc/userscripts/password_fill
View File

@ -327,6 +327,17 @@ open_entry "$file"
js() {
cat <<EOF
function isVisible(elem) {
var style = elem.ownerDocument.defaultView.getComputedStyle(elem, null);
if (style.getPropertyValue("visibility") !== "visible" ||
style.getPropertyValue("display") === "none" ||
style.getPropertyValue("opacity") === "0") {
return false;
}
return elem.offsetWidth > 0 && elem.offsetHeight > 0;
};
function hasPasswordField(form) {
var inputs = form.getElementsByTagName("input");
for (var j = 0; j < inputs.length; j++) {
@ -341,7 +352,7 @@ cat <<EOF
var inputs = form.getElementsByTagName("input");
for (var j = 0; j < inputs.length; j++) {
var input = inputs[j];
if (input.type == "text" || input.type == "email") {
if (isVisible(input) && (input.type == "text" || input.type == "email")) {
input.focus();
input.value = "$(javascript_escape "${username}")";
input.blur();