0

Chrome autofill

asked 2017-03-10 14:38:19 +0800

MaurizioB gravatar image MaurizioB
1 1

I had a problem where the browser autofilling the login fields will not update the corresponding ViewModel variables.

After searching some solutions (and finding out some old threads with solutions that didn't work on my case) I have done something like this, and it works.

<zk xmlns:n="native">
  <window id="loginbox" apply="org.zkoss.bind.BindComposer" viewModel="@id('vm') @init('package.AuthenticationVM')">
<div>
    <textbox id="userinput" value="@bind(vm.username)" constraint="no empty" instant="true" />
    <textbox id="pwdinput" value="@bind(vm.password)" type="password" constraint="no empty" instant="true" />

    <button id="btnSubmit" onClick="@command('submit')"
                label="Sign In" />
</div>
<script defer="true">
    jq('$btnSubmit').click(function() {
        fixAutofill();
    });

    function fixAutofill() {
        jq('$userinput').blur();
        jq('$pwdinput').blur();
    }
</script>

</window> </zk>

Is this a good solution? Can it be improved? Is it secure to have a password handled like this?

delete flag offensive retag edit

3 Answers

Sort by ยป oldest newest most voted
0

answered 2017-03-13 10:43:42 +0800

Darksu gravatar image Darksu
1991 1 4

Hello mikrobe,

Indeed it is!

link publish delete flag offensive edit
0

answered 2017-03-13 10:35:52 +0800

mikrobe gravatar image mikrobe
9 1 3

Hi Darksu, from my understanding, the issue is not about whether autofill is risky or not, because that's up to the user's choice. The problem I see and I experience as well is that form's fields are filled by Chrome but ZK does not recognize it. So the user ends up to seeing a pre-filled form with username and password but when she/he hits the Submit button she/he gets error message. That could mislead her/him to press the "forgot password" button. That's crearly an annoying behaviour.

link publish delete flag offensive edit
0

answered 2017-03-13 09:36:48 +0800

Darksu gravatar image Darksu
1991 1 4

Hello MaurizioB,

As per security probably is not the best approach since autofill could expose users to security risks.

http://www.thewindowsclub.com/browser-autofill-feature-could-be-a-security-risk-for-users

Best Regards,

Darksu

link publish delete flag offensive edit
Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow
1 follower

RSS

Stats

Asked: 2017-03-10 14:38:19 +0800

Seen: 44 times

Last updated: Mar 13 '17

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More