1Password offers to save password for cancelled form submit
I'm running 1Password 5.4.BETA-13 (540013) in Mac OS X 10.10.3.
Not sure if this bug has been reported before or if there's anything that can be done about it, but 1Password will prompt to save a password even if the form submit is cancelled by JavaScript; I can confirm that this happens with jQuery.
In short, this jQuery code should cancel a form submission if the submit button is defined as a button element with class="submit":
$('.submit').on('click', function(e) {
e.preventDefault();
alert('Form should not have been submitted');
});
The gist of the bug is that even though the form submission is cancelled, 1Password still prompts to save the password. This has been causing me some grief for a web form I've been coding for a client.
Any way this can be fixed? I can provide a working HTML file demonstrating the problem if that might help!
Comments
-
Hi, @fongd. Thanks for posting about the issue you're having. We haven't always had this kind of feedback and interest from the web developer community, so it's not something we take for granted. :) Since I work on the extensions and in particular have been looking at ways we can improve autosubmit, our support team asked me to offer my insights.
I had to do a little digging, but I learned today that by default, if you do not give the
<button>element a validtypeattribute to the contrary,<button>s type will be defined assubmit. 1Password looks forbutton.submitas part of its heuristics for determining whether the form was submitted in just the fashion you're showing. The reason for this is we want to be able to handle as many edge cases of autosubmit as possible to give our users the most reliable handling possible to make sure their credentials find their way safely into the 1Password vault. So, in your case, I think changing this to something like<button class="submit" role="button">should give you better results. Please give it a try and let us know how it goes.Beyond this, though, I'd love to know why 1Password should not prompt for autosave here. We have been doing a lot of thinking about this lately and were trying to think of use cases. One edge case I know we still have is that 1Password will attempt to autosave for credit card forms that use a password field for the CVV. We hope to address that soon. Otherwise, we're trying to understand when web developers might legitimately want to specify that 1Password should not autosave the form and your feedback would be super helpful.
Thanks again for your post. We look forward to hearing from you.
0 -
Hello, @jxpx777!
I tried adding the role to the button as suggested but that did not help.
What I'm trying to do with my web form is to have a button that conceals a password field, which is empty when the form is initially populated. Upon clicking the button, the button gets hidden and replaced with a password field.
Now there are a few reasons why I might want to cancel the form submission, but primarily, form validation errors may reveal that the form is incomplete and therefore should not be submitted yet (e.g., password is too weak, there's missing required data on the form, etc.).
Here's a pastebin that demonstrates the issue:
0 -
Unfortunately I wasn't able to find anything that disabled auto-save, for the current version, with your example. I'll log it as a bug and hopefully we can do better for future versions.
However, you can make it work by re-working the logic a bit; you can have the submit button disabled until the form is valid for submitting. Instead of a popup (or what ever you use in the real form) you could have an inline message. This would ensure that the user would only see the auto-save dialog when the form is actually submitted.
Thanks for posting and let me know if this works !
0
