mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-25 03:05:34 +00:00
37cee0f171
In certain straight-forward cases where we detect a credit card number being used with password fields we will show a dismissed password manager doorhanger. The user can still choose to save in case the valid credit card number is actually their username or password. 1) If the Luhn checksum matches on the username field (see CreditCard.jsm) AND the password is 3 numerical digits (don't handle 4 for now even though it's used by Visa since there are banks that use 4 digits passwords for online banking still). 2) If the Luhn checksum matches on the password value AND we detect that the type=password field is a credit card field via autocomplete=cc-number. ** We must include the @autocomplete check otherwise sites will abuse this loophole on legit login forms and set autocomplete=cc-number on their password fields to avoid saving. For both of these cases we should `dismissed:true` doorhanger, rather than not showing one at all, in case there are false-negatives. Differential Revision: https://phabricator.services.mozilla.com/D25485 --HG-- extra : source : e9be442c871e173a409f3b969f5bcea0e1ae4d71 extra : histedit_source : c942a81512be954abe595fa41ca44c26cd89b0e6 |
||
---|---|---|
.. | ||
android | ||
locales |