Avoid a common One Time Password field name (#1314)

Many sites have one time password fields for Two Factor Authentication. A common name for those fields is OneTimePassword or some variant. If these fields were commonly of type "password" it would not be significant. However, since they are commonly of type "text", it is a security risk for users to auto fill these fields.
2025-12-14 15:23:33 +00:00 · 2020-06-29 09:27:14 -05:00
parent 6e441e54d4
commit b4e15aba6e
1 changed files with 3 additions and 0 deletions
--- a/src/services/autofill.service.ts
+++ b/src/services/autofill.service.ts
@@ -896,6 +896,9 @@ export default class AutofillService implements AutofillServiceInterface {
                    return false;
                }
                const lowerValue = value.toLowerCase();
+                if (lowerValue.indexOf('onetimepassword') >= 0 {
+                    return false;
+                }
                if (lowerValue.indexOf('password') < 0) {
                    return false;
                }