gecko-dev

mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-25 03:05:34 +00:00

History

prathiksha 37cee0f171 Bug 1185000 - Show a dismissed password manager doorhanger when credit card numbers are detected. r=jaws In certain straight-forward cases where we detect a credit card number being used with password fields we will show a dismissed password manager doorhanger. The user can still choose to save in case the valid credit card number is actually their username or password. 1) If the Luhn checksum matches on the username field (see CreditCard.jsm) AND the password is 3 numerical digits (don't handle 4 for now even though it's used by Visa since there are banks that use 4 digits passwords for online banking still). 2) If the Luhn checksum matches on the password value AND we detect that the type=password field is a credit card field via autocomplete=cc-number. ** We must include the @autocomplete check otherwise sites will abuse this loophole on legit login forms and set autocomplete=cc-number on their password fields to avoid saving. For both of these cases we should `dismissed:true` doorhanger, rather than not showing one at all, in case there are false-negatives. Differential Revision: https://phabricator.services.mozilla.com/D25485 --HG-- extra : source : e9be442c871e173a409f3b969f5bcea0e1ae4d71 extra : histedit_source : c942a81512be954abe595fa41ca44c26cd89b0e6	2019-04-19 13:52:58 -07:00
..
android	Bug 1185000 - Show a dismissed password manager doorhanger when credit card numbers are detected. r=jaws	2019-04-19 13:52:58 -07:00
locales	Bug 1523741 - Converting legacy aboutTelemetry to Fluent aboutTelemetry, r=jaws,flod,Gijs	2019-04-08 09:15:16 +00:00

prathiksha 37cee0f171 Bug 1185000 - Show a dismissed password manager doorhanger when credit card numbers are detected. r=jaws

In certain straight-forward cases where we detect a credit card number being used with password fields we will show a dismissed password manager doorhanger. The user can still choose to save in case the valid credit card number is actually their username or password.

1) If the Luhn checksum matches on the username field (see CreditCard.jsm) AND the password is 3 numerical digits (don't handle 4 for now even though it's used by Visa since there are banks that use 4 digits passwords for online banking still).
2) If the Luhn checksum matches on the password value AND we detect that the type=password field is a credit card field via autocomplete=cc-number.
** We must include the @autocomplete check otherwise sites will abuse this loophole on legit login forms and set autocomplete=cc-number on their password fields to avoid saving.

For both of these cases we  should `dismissed:true` doorhanger, rather than not showing one at all, in case there are false-negatives.

Differential Revision: https://phabricator.services.mozilla.com/D25485

--HG--
extra : source : e9be442c871e173a409f3b969f5bcea0e1ae4d71
extra : histedit_source : c942a81512be954abe595fa41ca44c26cd89b0e6

2019-04-19 13:52:58 -07:00

android

Bug 1185000 - Show a dismissed password manager doorhanger when credit card numbers are detected. r=jaws

2019-04-19 13:52:58 -07:00

locales

Bug 1523741 - Converting legacy aboutTelemetry to Fluent aboutTelemetry, r=jaws,flod,Gijs

2019-04-08 09:15:16 +00:00