Submit autofill (password input field)

Question

I want to submit an autofilled password form using a userscript/tampermonkey in chrome. However it doesn't work - ~~the fields~~ the password field remains empty (server response or even with alert messages) until the window is actually controlled by a user (any actual keyboard press or mouse click). This seems important if you want a userscript to automate logins without hard-coding the passwords into your userscript.

Does anyone have an explanation for that and/or a workaround?

I tried all ways I know to submit the form: .submit() or dispatching an actual mouseclick event, etc

Try it yourself: Autosave password/name here: http://www.htmlcodetutorial.com/forms/_INPUT_TYPE_PASSWORD.html

additional info: Tampermonkey version 3.12.58, chrome Version 49.0.2623.110 m, Windows 10 64x. I also tried deactivating all extensions in chrome.

Userscript that goes with that page:

// ==UserScript==
// @name         New Userscript
// @namespace    http://tampermonkey.net/
// @version      0.1
// @description  try to take over the world!
// @author       You
// @match        http://www.htmlcodetutorial.com/forms/_INPUT_TYPE_PASSWORD.html
// @grant        none
// ==/UserScript==

//wait 5s to assert that chrome autofill had enough time to do its thing
setTimeout(function(){document.forms[0].submit()},5000)

edit: looping code that never submits.

loopme()

function loopme() {
    setTimeout(function(){
        //check every second if 'password field' is empty, if not, submit the form
        if(document.forms[0].elements[1].value != ''){
            document.forms[0].submit()
        } else {
           //make count visible
           document.title = "|" + document.title
           //edit: adding an virtual 'click' makes no difference:
           //var mouseClick = new MouseEvent("click");
           //document.body.dispatchEvent(mouseClick);
           loopme()
           }
    },1000)
}

screenshot of password field because of this suggestion based on a chrome bug. Left: form before submission, right: server response.

(verbose) logfiles of chrome when running the looping-script:

Navigated to http://www.htmlcodetutorial.com/forms/_INPUT_TYPE_PASSWORD.html
content: Started (5edc5230-099a-412a-bca4-48c97edb3113, http://www.htmlcodetutorial.com/forms/_INPUT_TYPE_PASSWORD.html)
content: start event processing for 5edc5230-099a-412a-bca4-48c97edb3113 (1 to run)
env: initialized (content, id:5edc5230-099a-412a-bca4-48c97edb3113, http://www.htmlcodetutorial.com/forms/_INPUT_TYPE_PASSWORD.html) 
env: schedule 'New Userscript' for document-idle
env: schedule for later events!
env: first DOMNodeInserted Event!
content: Started (d2f1e833-ce3f-48e8-a81c-cf4a93475a98, nullblank)
content: disable event processing for d2f1e833-ce3f-48e8-a81c-cf4a93475a98
content: Started (6b10cff5-a3a1-4eab-9286-f7e49aaa5952, http://www.htmlcodetutorial.com/forms/_INPUT_TYPE_PASSWORD.html)
content: disable event processing for 6b10cff5-a3a1-4eab-9286-f7e49aaa5952
content: Started (dc4a5836-69a6-4194-a631-ad2354cc6a33, nullblank)
content: disable event processing for dc4a5836-69a6-4194-a631-ad2354cc6a33
env: DOMContentLoaded Event!
content: detected DOMContentLoaded 5edc5230-099a-412a-bca4-48c97edb3113
content: Started (df53f06c-55ba-4398-8a4d-0b41d2fb3f93, nullblank)
content: disable event processing for df53f06c-55ba-4398-8a4d-0b41d2fb3f93
env: execute script New Userscript @ the safe context now!
content: Started (069446ea-3b29-42c4-8c13-9f4f112f6a01, https://googleads.g.doubleclick.net/pagead/html/r20160331/r20151006/zrt_lookup.html)
content: disable event processing for 069446ea-3b29-42c4-8c13-9f4f112f6a01
content: Started (127600e6-61f8-4e15-862a-fe0aaa6e4683, http://s7.addthis.com/static/sh.953eb77977227bfd253ee158.html)
content: disable event processing for 127600e6-61f8-4e15-862a-fe0aaa6e4683
content: Started (b50036dc-266a-4328-92b9-6937c09419e3, https://googleads.g.doubleclick.net/pagead/ads)
content: disable event processing for b50036dc-266a-4328-92b9-6937c09419e3
content: Started (5df2993f-2fc5-4f40-8fa9-aa37c7ffd987, https://googleads.g.doubleclick.net/pagead/ads)
content: disable event processing for 5df2993f-2fc5-4f40-8fa9-aa37c7ffd987
content: Started (8f6c166e-6e61-4776-ba28-8caf786704f4, http://tpc.googlesyndication.com/safeframe/1-0-2/html/container.html)
content: disable event processing for 8f6c166e-6e61-4776-ba28-8caf786704f4
content: Started (c9082438-936d-4ba3-b76e-bf7cc9f48bae, https://googleads.g.doubleclick.net/pagead/ads)
content: disable event processing for c9082438-936d-4ba3-b76e-bf7cc9f48bae
content: Started (2439efaa-3ea5-461b-a8a1-25b2be866f1a, https://googleads.g.doubleclick.net/pagead/ads)
content: disable event processing for 2439efaa-3ea5-461b-a8a1-25b2be866f1a
content: Started (fdd7347c-3bf8-4e05-a9bb-97e0e26d543e, https://googleads.g.doubleclick.net/pagead/ads)
content: disable event processing for fdd7347c-3bf8-4e05-a9bb-97e0e26d543e
content: Started (5e2a844c-fe1e-4c8d-af07-09b3b1ab272c, https://googleads.g.doubleclick.net/pagead/ads)
content: disable event processing for 5e2a844c-fe1e-4c8d-af07-09b3b1ab272c
content: Started (0cef6828-3752-4b05-a8de-68cb90f6b29b, https://googleads.g.doubleclick.net/pagead/ads)
content: disable event processing for 0cef6828-3752-4b05-a8de-68cb90f6b29b
content: detected load 5edc5230-099a-412a-bca4-48c97edb3113
content: Started (65ce238d-9bd8-45cd-8d52-8d215ae3fe62, https://googleads.g.doubleclick.net/pagead/ads)
content: disable event processing for 65ce238d-9bd8-45cd-8d52-8d215ae3fe62
content: Started (c3747272-9bf6-4a6b-baf3-d38b7fbb8134, nullblank)
content: disable event processing for c3747272-9bf6-4a6b-baf3-d38b7fbb8134

Please add more info about your question, such as your sample code. — Haibara Ai, Apr 01 '16 at 08:03
added, please keep in mind that I don't actually want to read/intercept the password values. On the contrary I DON'T want to read them, but submit them. However as far as my testing goes, servers do NOT receive the chrome autofilled name/password if a userscript automatically submits the form (even after setTimeout etc) - UNLESS you provide some sort of 'real' user action (eg clicking, pressing a key). I suspect it's a safety measure on chrome-side, but... I don't know and I really would like my script to work =) — user2305193, Apr 01 '16 at 09:54
sorry but still unclear about your question... You want to simulate a submit action but the code you provided did nothing? — Haibara Ai, Apr 01 '16 at 10:37
Let me specify: I want to auto-submit a form by userscript, that is auto-filled by chrome with username/password. However the submitted forms only include empty fields unless there is actual user-interaction with the page. The script shows merely that you cannot read it by alert messages until there is user-interaction (since I cannot provide the server-side answer) Edit: Sorry, the page even lists the server-side answer - I changed to code — user2305193, Apr 01 '16 at 11:34
I have the same problem in tampermonkey on a page. There is a show/hide icon in the password field. When I click with the mouse on it or inside the input field, the tampermonkey script continues, but when simulating the click inside the script the password value remains empty. — A.W., Jun 07 '21 at 05:01

score 1 · Accepted Answer · edited May 23 '17 at 10:30

1

Since there appears no one can answer: Here's the best answer I found on a similar topic (without an explanation). Please share if you find or have better information...

The password-field won't be populated (by autofill) without an explicit instruction from the user and can therefore not be accessed by javascript.

From Stackoverflow question: Can JavaScript access autofilled passwords?

edited May 23 '17 at 10:30

Community

1
1

answered Apr 07 '16 at 16:08

user2305193

2,079
18
39

1

So where does that leave people who want to submit autofilled passwords from a userscript? Is it simply impossible? – Resigned June 2023 Apr 08 '18 at 05:58
as far as I know, yes – user2305193 Apr 09 '18 at 09:59

Submit autofill (password input field)

1 Answers1

Related