From cb6454623ecaacc20ba6287ee9f9fd9a9d85dbe8 Mon Sep 17 00:00:00 2001 From: lukaw3d Date: Tue, 22 Nov 2022 20:50:18 +0100 Subject: [PATCH] Prevent browsers from writing sensitive form inputs to user data --- src/app/components/MnemonicField/index.tsx | 2 ++ .../components/MnemonicValidation/index.tsx | 3 ++- .../PasswordField/__tests__/index.test.tsx | 5 +++-- .../__tests__/type-only.test.tsx | 7 +++---- src/app/components/PasswordField/index.tsx | 4 ++-- src/app/lib/preventSavingInputsToUserData.ts | 21 +++++++++++++++++++ .../__snapshots__/index.test.tsx.snap | 5 ++++- .../__snapshots__/index.test.tsx.snap | 4 +++- .../Features/FromPrivateKey/index.tsx | 4 ++-- .../__snapshots__/index.test.tsx.snap | 4 +++- .../ImportAccountsSelectionModal/index.tsx | 3 ++- .../__snapshots__/index.test.tsx.snap | 1 + .../TransactionRecipient/index.tsx | 3 ++- 13 files changed, 50 insertions(+), 16 deletions(-) create mode 100644 src/app/lib/preventSavingInputsToUserData.ts diff --git a/src/app/components/MnemonicField/index.tsx b/src/app/components/MnemonicField/index.tsx index c2fff99ca1..d3026a48b9 100644 --- a/src/app/components/MnemonicField/index.tsx +++ b/src/app/components/MnemonicField/index.tsx @@ -1,5 +1,6 @@ import * as React from 'react' import { FormField, TextArea } from 'grommet' +import { preventSavingInputsToUserData } from 'app/lib/preventSavingInputsToUserData' interface Props { placeholder?: string @@ -24,6 +25,7 @@ export function MnemonicField(props: Props) { size="medium" rows={5} fill + {...preventSavingInputsToUserData} /> ) diff --git a/src/app/components/MnemonicValidation/index.tsx b/src/app/components/MnemonicValidation/index.tsx index 8285ef7d90..34bd97c3eb 100644 --- a/src/app/components/MnemonicValidation/index.tsx +++ b/src/app/components/MnemonicValidation/index.tsx @@ -5,6 +5,7 @@ import * as React from 'react' import { useTranslation } from 'react-i18next' import { Header } from 'app/components/Header' import { MnemonicField } from 'app/components/MnemonicField' +import { preventSavingInputsToUserData } from 'app/lib/preventSavingInputsToUserData' interface Props { /** Called once the mnemonic is confirmed */ @@ -42,7 +43,7 @@ export function MnemonicValidation(props: Props) { border={{ color: 'background-front-border', size: '1px' }} > -
+
{t('openWallet.mnemonic.header', 'Enter your keyphrase')}
{t( diff --git a/src/app/components/PasswordField/__tests__/index.test.tsx b/src/app/components/PasswordField/__tests__/index.test.tsx index c179dfe77c..d1e4fb35ea 100644 --- a/src/app/components/PasswordField/__tests__/index.test.tsx +++ b/src/app/components/PasswordField/__tests__/index.test.tsx @@ -1,5 +1,6 @@ import { render, screen } from '@testing-library/react' import userEvent from '@testing-library/user-event' +import { preventSavingInputsToUserData } from 'app/lib/preventSavingInputsToUserData' import { Form, FormField, TextInput } from 'grommet' import * as React from 'react' import { PasswordField } from '..' @@ -18,6 +19,7 @@ describe('', () => { expect(value.privateKey.length).toBeGreaterThanOrEqual(5) props.onSubmit(value) }} + {...preventSavingInputsToUserData} > @@ -26,7 +28,6 @@ describe('', () => { inputElementId="privateKey" name="privateKey" label="privateKey" - autoComplete="current-password" validate={(privateKey, form) => { return privateKey.length < 5 ? 'invalid' : undefined }} @@ -60,6 +61,7 @@ describe('', () => { // expect(privateKey.length).toBeGreaterThanOrEqual(5) props.onSubmit({ name, privateKey }) }} + {...preventSavingInputsToUserData} > setName(event.target.value)} /> @@ -68,7 +70,6 @@ describe('', () => { inputElementId="privateKey" name="privateKey" label="privateKey" - autoComplete="off" value={privateKey} onChange={event => setPrivateKey(event.target.value)} error={privateKey.length < 5 ? 'invalid' : undefined} diff --git a/src/app/components/PasswordField/__tests__/type-only.test.tsx b/src/app/components/PasswordField/__tests__/type-only.test.tsx index 2fd67213ae..167575c6a3 100644 --- a/src/app/components/PasswordField/__tests__/type-only.test.tsx +++ b/src/app/components/PasswordField/__tests__/type-only.test.tsx @@ -1,3 +1,4 @@ +import { preventSavingInputsToUserData } from 'app/lib/preventSavingInputsToUserData' import { Form, FormField, TextInput } from 'grommet' import * as React from 'react' import { PasswordField } from '..' @@ -16,6 +17,7 @@ describe('type-only test', () => { expect(value.privateKey !== 5).toBeTruthy() expect(value.privateKey !== '5').toBeTruthy() }} + {...preventSavingInputsToUserData} > @@ -24,8 +26,6 @@ describe('type-only test', () => { inputElementId="privateKey" name="privateKey" label="privateKey" - // @ts-expect-error Detect incorrect value - autoComplete="password" validate={(privateKey, form) => { // @ts-expect-error Detect incorrect type expect(privateKey !== 5).toBeTruthy() @@ -47,7 +47,6 @@ describe('type-only test', () => { inputElementId="privateKey3" // @ts-expect-error Detect missing field name="privateKey3" - autoComplete="current-password" showTip="show" hideTip="hide" /> @@ -63,6 +62,7 @@ describe('type-only test', () => { // @ts-expect-error Doesn't know about any fields expect(value.privateKey !== '5').toBeTruthy() }} + {...preventSavingInputsToUserData} > @@ -71,7 +71,6 @@ describe('type-only test', () => { inputElementId="privateKey" name="privateKey" label="privateKey" - autoComplete="off" validate={(privateKey, form) => { // @ts-expect-error Detect incorrect type expect(privateKey !== 5).toBeTruthy() diff --git a/src/app/components/PasswordField/index.tsx b/src/app/components/PasswordField/index.tsx index d7b38b8807..e1c460fb0b 100644 --- a/src/app/components/PasswordField/index.tsx +++ b/src/app/components/PasswordField/index.tsx @@ -1,3 +1,4 @@ +import { preventSavingInputsToUserData } from 'app/lib/preventSavingInputsToUserData' import { Box, FormField, Button, TextInput, Tip } from 'grommet' import { View, Hide } from 'grommet-icons' import * as React from 'react' @@ -8,7 +9,6 @@ interface Props { placeholder?: string inputElementId: string - autoComplete: 'on' | 'off' | 'new-password' | 'current-password' autoFocus?: boolean value?: string onChange?: (event: React.ChangeEvent) => void @@ -42,9 +42,9 @@ export function PasswordField(props: Props) { onChange={props.onChange} type={passwordIsVisible ? 'text' : 'password'} required={props.required} - autoComplete={props.autoComplete} autoFocus={props.autoFocus} plain + {...preventSavingInputsToUserData} />