Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 84f5cba186ee78db4d9a484d2a327d463d207124
https://github.com/WebKit/WebKit/commit/84f5cba186ee78db4d9a484d2a327d463d207124
Author: Wenson Hsieh <[email protected]>
Date: 2025-06-26 (Thu, 26 Jun 2025)
Changed paths:
A
LayoutTests/editing/input/untrusted-textevent-does-not-echo-password-expected.html
A LayoutTests/editing/input/untrusted-textevent-does-not-echo-password.html
M Source/WebCore/editing/CompositeEditCommand.cpp
M Source/WebCore/editing/CompositeEditCommand.h
M Source/WebCore/editing/EditCommand.h
M Source/WebCore/editing/InsertIntoTextNodeCommand.cpp
M Source/WebCore/editing/InsertIntoTextNodeCommand.h
M Source/WebCore/editing/InsertTextCommand.cpp
M Source/WebCore/editing/InsertTextCommand.h
M Source/WebCore/editing/TypingCommand.cpp
Log Message:
-----------
[iOS 26] Using AutoFill in a password field echoes the last character
https://bugs.webkit.org/show_bug.cgi?id=295032
rdar://148549180
Reviewed by Abrar Rahman Protyasha and Ryosuke Niwa.
Safari AutoFill in macOS Tahoe / iOS 26 now creates and dispatches `TextEvent`s
to simulate user
input. While this more closely simulates some typing behaviors (and improves
compatibility on some
websites), it also has the byproduct of triggering password echo on iOS
(flashing the last typed
character in a password field).
Fix this by not echoing the last character in a password field, when the
triggering text event is
untrusted. See below for more details.
*
LayoutTests/editing/input/untrusted-textevent-does-not-echo-password-expected.html:
Added.
* LayoutTests/editing/input/untrusted-textevent-does-not-echo-password.html:
Added.
Add a layout test to exercise the change by verifying that the password does
not echo when creating
and dispatching TextEvents in a password field. This test simply ref's against
a password field with
a `value` attribute set to the same string.
* Source/WebCore/editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::inputText):
(WebCore::CompositeEditCommand::insertTextIntoNode):
(WebCore::CompositeEditCommand::replaceTextInNode):
Add more plumbing for the `AllowPasswordEcho` flag.
* Source/WebCore/editing/CompositeEditCommand.h:
* Source/WebCore/editing/EditCommand.h:
Add a new enum type, representing whether or not we should allow password echo
when inserting text.
This enum is plumbed from `TypingCommand` -> `InsertTextCommand` ->
`InsertIntoTextNodeCommand` when
typing, and finally checked in
`InsertIntoTextNodeCommand::shouldEnablePasswordEcho`.
* Source/WebCore/editing/InsertIntoTextNodeCommand.cpp:
(WebCore::InsertIntoTextNodeCommand::InsertIntoTextNodeCommand):
(WebCore::InsertIntoTextNodeCommand::shouldEnablePasswordEcho const):
Pull this logic out into a private helper method, for better readability.
(WebCore::InsertIntoTextNodeCommand::doApply):
* Source/WebCore/editing/InsertIntoTextNodeCommand.h:
Store the `AllowPasswordEcho` flag as a member.
(WebCore::InsertIntoTextNodeCommand::create):
* Source/WebCore/editing/InsertTextCommand.cpp:
(WebCore::InsertTextCommand::InsertTextCommand):
(WebCore::InsertTextCommand::doApply):
Plumb the `AllowPasswordEcho` state into `InsertIntoTextNodeCommand`.
* Source/WebCore/editing/InsertTextCommand.h:
Store the `AllowPasswordEcho` flag as a member.
(WebCore::InsertTextCommand::create):
* Source/WebCore/editing/TypingCommand.cpp:
(WebCore::TypingCommand::insertTextRunWithoutNewlines):
Plumb the value of `AllowPasswordEcho` into `InsertTextCommand` when typing;
this value is derived
from `triggeringEventIsUntrusted()`, which is in turn derived from whether or
not the dispatched
text event is trusted.
Canonical link: https://commits.webkit.org/296673@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
