Open Bug 1629226 Opened 5 years ago Updated 22 days ago

[meta] Make password manager work with Shadow DOM

Categories

(Toolkit :: Password Manager, task, P2)

Product:
Toolkit
Component:
Password Manager
Type:
task

Tracking

()

People

(Reporter: MattN, Unassigned)

References

(Depends on 5 open bugs)

Details

(Keywords: meta, Whiteboard: [passwords:heuristics] [passwords:capture-UI] [passwords:fill-ui] )

Attachments

(1 obsolete file)

Consider:

  1. each field in its own Shadow Root e.g. https://www.virustotal.com/gui/sign-in
  2. username and password fields together in a shadow root with a "form" ancestor https://bugs.mattn.ca/pwmgr/login_and_change_form.html#shadow-inside-form
  3. username and password fields together in a "form" within a shadow root e.g. https://bugs.mattn.ca/pwmgr/login_and_change_form.html#shadow

All features should work for these elements e.g.

  • capture
    • on submission
    • dismissed capture on edit
    • generated password auto-saving of edits
  • autocomplete from the username field (fills both username and password)
  • autocomplete from the password field (only fills a password)
    • Audit NewPasswordModel.jsm code to ensure it properly handles Shadow DOM
  • context menu from the username field (fills both username and password)
  • context menu from the password field (only fills a password)
  • input/change/focus/blur listeners in LoginManagerChild unrelated to capture
    • e.g. clearing the yellow highlight
    • mask/unmask generated password fields
  • Audit rest of LoginManagerChild to ensure it properly handles Shadow DOM

Tactics:

  • We can switch from event.target to event.composedTarget for many event listeners to at least get the non-native anonymous content element.
  • We can traverse up the tree using node.getRootNode().host to find relevant fields.

Issues:

(In reply to Matthew N. [:MattN] from comment #0)

Issues:

Bug 1612258 should help with this since we would then hopefully show the dismissed doorhanger upon input events if we use event.composedTarget.

Depends on: 1612258
See Also: → 1475869
Depends on: 1634819
Depends on: 1638587
Depends on: 1639295
Depends on: 1643163
See Also: → 1644302
Depends on: 1655165
Depends on: 1659217
Depends on: 1659224

As I am no longer on the Password Manager team, this project will unfortunately be paused for the time being.

I created a document that summarizes the status of this project in the #Lockwise Drive > Lockwise desktop folder. This document should be viewable by any Mozilla employee.

Depends on: 1730705

This ticket is 2.5 years old. Isn't it possible to give it a higher prio? Chromium fixed that already: https://bugs.chromium.org/p/chromium/issues/detail?id=649162

Attachment #9337403 - Attachment is obsolete: true
Flags: needinfo?(sgalich)
Attachment #9337403 - Flags: ui-review?(m.adil199506)
Attachment #9337403 - Flags: sec-approval?
Attachment #9337403 - Flags: review?(mconley)
Attachment #9337403 - Flags: feedback?
Attachment #9337403 - Flags: approval-mozilla-release?
Attachment #9337403 - Flags: approval-mozilla-esr102?
Attachment #9337403 - Flags: approval-mozilla-beta?

Safari has also recently addressed this: https://bugs.webkit.org/show_bug.cgi?id=172567

Would be nice if this got a priority bump.

Yes, it would be nice indeed.

The hungarian central government site (https://ugyfelkapu.gov.hu, https://idp.gov.hu/) started to use shadow DOM elements on their main login page, so currently Firefox is unable to fill the saved username/password on the "one-and-only" government authentication site.

Chrome autofill works with shadow DOM. It would be nice, if Mozilla Firefox could also make it possible. Thanks!

A lot of major companies are using shadow dom now, is there any update from mozilla? There seems to be a good baseline already provided by Bianca.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: