From b4e15aba6e7d5f3795b19769baf2b57cc745a955 Mon Sep 17 00:00:00 2001
From: Jonathan Ehman
Date: Mon, 29 Jun 2020 09:27:14 -0500
Subject: [PATCH] Avoid a common One Time Password field name (#1314)

Many sites have one time password fields for Two Factor Authentication. A common name for those fields is OneTimePassword or some variant. If these fields were commonly of type "password" it would not be significant. However, since they are commonly of type "text", it is a security risk for users to auto fill these fields.
---
 src/services/autofill.service.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/services/autofill.service.ts b/src/services/autofill.service.ts
index db35556033b..1909c6820e2 100644
--- a/src/services/autofill.service.ts
+++ b/src/services/autofill.service.ts
@@ -896,6 +896,9 @@ export default class AutofillService implements AutofillServiceInterface {
 return false;
 }
 const lowerValue = value.toLowerCase();
+ if (lowerValue.indexOf('onetimepassword') >= 0 {
+ return false;
+ }
 if (lowerValue.indexOf('password') < 0) {
 return false;
 }
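Review bot: The added condition `if (lowerValue.indexOf('onetimepassword') >= 0 {` is missing its closing parenthesis before `{`, so as shown the file will not parse; it should read `if (lowerValue.indexOf('onetimepassword') >= 0) {`. The check also matches only the contiguous spelling, although the commit message speaks of "OneTimePassword or some variant". Separated names such as `one-time-password` or `one_time_password` still contain `password`, so they pass the existing test on the next line and a text-type OTP field would presumably still be filled with the stored password. Comparing against a separator-stripped copy, e.g. `const compact = lowerValue.replace(/[\s_-]/g, '');` followed by `if (compact.indexOf('onetimepassword') >= 0) {`, would cover those without changing what the later `password` check sees. The enclosing method starts and ends outside the hunk, so confirm how its return value is used before relying on this.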