0

This is very similar to the the problem mentioned here except that mine is a security risk. Safari prefilling the form is a generic irritating issue. but this happens to me in the User's Profile page which kind of loads the user data and allows them to change/update it.

I have the following 5 fields on my screen

  • Email
  • Username
  • Current Password
  • New Password
  • Confirm New Password.

~ If user 1 has logged in (using username/password) and selected --> save password while safari prompts to ,

After that, Any user who logs in that browser has only the username and password populated with that of user1. My angular bindings are going for a toss. When I debug - I see that my bindings are happening and after that safari autofill kicks in and overwrites that. (it has a yellow background on those 2 fields).

I tried creating

  • The fake after the real email input in the dom.
  • The fake input with a fake label.
  • Dint use display, visibility or opacity to hide the fake elements.
  • disable the input and enable it after some time.

as mentioned by on of the answers..

My Sample angular binding for user id :

<label for="accountUserName">UserName</label>
 <!--Autocomplete is set to false and not Off purposely -->
  <input type="text" ng-maxlength="20" name="accountUserName" class="form-control" required data-ng-model="ctrl.user.userId" autocomplete="false" />
 <!--Setting up dummy fields for autofill turn off -->
<label for="userId" hidden class="hidden"></label>
<input type="text" name="userId" class="form-control hidden" hidden />
<!--End Dummy -->

Also, this issue happens only in IOS Safari. No other bloody browsers.

  • ios 10.3.3 Safari browser.

Please advice.. this looks like as if we are showing wrong data

Community
  • 1
  • 1
Night Monger
  • 770
  • 1
  • 10
  • 33
  • Did you read the comprehensive answer on the question you linked to? The "security risk" exists because of the client configuration. If the client is a shared device then saving passwords should be disabled on the client. If it is a personal client, then what's the issue? – Paulw11 Sep 18 '17 at 19:47
  • two problems 1) In our login page, the user can enter either username or emaild or account number to sign in. So no matter what the user enters, when he comes to the security page - the username is prefilled with whatever he used to enter while signing in (uname / account number / email) So this kind of looks like a wrong data being shown. *2)* the autofill update also updates my model and triggers another async call to check if the changed user name exists and returns true or false(this username is already taken or Username exists). All this on page load – Night Monger Sep 18 '17 at 20:48
  • It sounds like you need to use different field names in your profile page so that autofill isn't triggered. – Paulw11 Sep 18 '17 at 22:06

0 Answers0