HTML input "minlength" validation message is broken by 1Password on chrome
The html input field supports a "minlength" attribute. See docs here: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input
If a field, like a password, is less than minlength, the browser is supposed to show a message informing the user of the validation problem near the problematic form field. However if you have 1 password extension for Chrome installed, it breaks this important feature. Many sites rely on these prompts for usability.
Repro steps:
1) Open a login page on a site with minlength on password field, this one works: https://shoeboxapp.com/app
2) Click "log in"
3) Enter an email and a password of length 3 (any fake email/password is okay). The form in the page above has minlength=4 so a password of length 3 is invalid
4) Click login
Expected:
- Browser form validation UI shown saying password too short (works without 1Password installed).
- No 1Password prompt to save password since html form didn't pass validation
Actual:
- Browser form validation UI isn't shown because 1 Password pops up a save password dialog
- 1Password prompt to save password is shown for invalid password which doesn't meet form validation.
1Password Version: 6.8.8
Extension Version: Not Provided
OS Version: MacOS 10.13.4
Sync Type: Not Provided
Referrer: forum-search:minlength
Comments
-
@delrox I see what you mean, thanks for pointing it out! I do see the browser message for a split-second before the save password dialog comes up (so that's something at least!) but that's still less than ideal. Happily, this is completely resolved in the new 1Password 7 for Mac—let me know if you need any help updating!
0 -
I encounter the same issue with 1Password 7 on Mac on a site that I am building. I do a pattern validation on form elements and as soon as I submit the form with errors, 1Password pops up, killing the form validation popup right away.
I placed a stripped down version of the form at http://projektor.fm/1password-test/ so you can try. This is what's happening: https://monosnap.com/file/ksvyaChfYn6592sbUqWgxuFaDAFZlGThe validation popup appears for a split second and then disappears.
0 -
Out of curiosity, @schlingel, does it help matters if you merely disable autosave? It sounds like it's the focus change that's causing the browser to lose the validation messages rather than 1Password's scripts themselves interfering.
Something we should maybe look into is preventing 1Password from sending its autosave message to the main 1Password application if there are validation errors in the form. I think this is reasonable, but it's something we would have to put through the paces to make sure it's reasonably reliable.
One last thing I can say is that when using a password manager or any other extension that can modify fields' values, things like maxLength will not be enforced because the validations are not triggered when the value is set via Javascript, so I would advise that you should take a belt-and-braces approach to form validations. It's nice to use those markup features, but you should also be checking their values appropriateness with validation functions before allowing submission.
--
Jamie Phelps
Code Wrangler @ 1Password
Olympia, WA0 -
@jxpx777 The main problem is not my setup, where I am able to change 1Password Settings, but I don't have any control over future users setups.
I do validation on the backend and throw an error after submission if the validation fails with HTML standard features. But nevertheless, having a "do you want to save your login" window pop up when the input is likely to be faulty, seems weird to me.0 -
I think I agree with that too. :smile: This is definitely something we should look into.
--
Jamie Phelps
Code Wrangler @ 1Password
Olympia, WA0