Copying and pasting long passwords into a password field with maxlength set
| Originator: | jbrayton | ||
| Number: | rdar://24864869 | Date Originated: | 26-Feb-2016 04:06 PM |
| Status: | Open | Resolved: | |
| Product: | Safari | Product Version: | 9.0.3 (11601.4.4) on OS X, Mobile Safari on iOS 9.2.1 (13D15) |
| Classification: | UI/Usability | Reproducible: | Always |
Summary: I use 1Password to generate my passwords. I typically generate a new password in 1Password, and then paste that new password into the appropriate password field in Safari. Sometimes the generated password is longer than the password’s maxlength field allows. When that happens, the password is silently truncated. If the generated password is 32 characters long and the maxlength of the password is 30 characters, it is easy to set a password on a new account unaware that it was truncated. Steps to Reproduce: 1. Visit this URL in Safari: https://secure.goldenhillsoftware.com/noindex/setpassword.html 2. Paste the following 32-character password into the password field on that page: 12345678901234567890123456789012 That password field has a maxlength value of 30. 3. Click the “Show Password” button. Expected Results: Pasting the 32-character password should fail with a message indicating that the value can be no longer than 30 characters. Actual Results: The password is silently truncated. Clicking the “Show Password” button tells me that the last two characters of the password are missing. In reality, this can cause the user to create an account into which he or she cannot log in. This has happened to me a few times. Regression: N/A Notes: This happens on both OS X and Mobile Safari.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!