Autofill for kayak.com directed to http://www.kayak.com/?onepasswdfill=[32 character hex]

Hi @data_cat,

I believe you saw what you did because the extension wasn't running and don't worry, nothing bad has happened.

When it comes to filling there are two primary behaviours. If the login page is loaded and in focus we simply fill and attempt to submit if so enabled. The other behaviour is called open and fill. This is what happens if you click on a URL from within the main 1Password window or select a Login item from the 1Password mini menu but it doesn't match the domain of the in-focus tab in your browser. So if the URLs match, try to fill the existing page, if they don't open a new tab, load and then try to fill. With the way that 1Password and the browser extension communicate though we need a way of essentially saying "Oi! extension, we want filling to happen here once it has loaded". That's what the gobbledygook was. That string was merely an identifier that contained no secret information. The idea is once the URL has been passed to the browser, and before anything else happens, the ?onepasswdfill=... is meant to be stripped from the URL but no extension, no stripping of the extraneous text from the real URL. Normally this all happens so fast and behind the scenes you're not meant to know it happens at all.

So just to confirm, your password hasn't been exposed and your machine is fine. If you have any follow up questions please do ask :smile: