maxlength is ignored in HTML forms

invalidptr

The issue is laid out here: https://laurelwoodcabanaclub.com/1Password.html

• In your Identity record, spell out your state (greater than 2 characters)
• Insert the 1P Identity into the form
• The State is limited to 2 characters via maxlength but 1P does not respect that.
• This basically comes down to: Does 1P not respect maxlength="2"? Does 1P do its magic by writing to the DOM directly and bypassing any HTML?
• This looks to be an old issue. Have you decided to punt on it? https://discussions.agilebits.com/discussion/21552/password-length-conflicts-when-sites-limit-length

---

1Password Version: 7.3.1.BETA-0 (70301000)
Extension Version: Not Provided
OS Version: 10.14.5 (18F132)
Sync Type: Not Provided

littlebobbytables

Greetings @invalidptr,

We do collect the maxLength attribute if present and I see code in the filling logic specific to the state field that indicates we ought to be checking and adapting so I'm going to say this is a bug given it doesn't seem to be working properly. You are correct that because of how the extension works it does bypass the page blocking the additional characters as it sets the field value directly.

Would I be correct in assuming the example page provided is one set up by you and could it remain available for when the developers can make it to the bug report I'm going to file based on these findings?

ref: xplatform/filling-issues#575

invalidptr

Website is under my control. It will be left up indefinitely. This was a crasher for me so I had to add some extra data sanitizer on the backend to catch it (always a good thing). I reduced my code/html so my issue could be easily reproducible. It's a standalone HTML page so could be saved on your end too for possible automated test case down the road. My original idea was to attach it here but attaching a .html didn't initially work.