Forum Discussion

danito's avatar
danito
Occasional Contributor
3 months ago
Solved

Password is being revealed in url

I have encountered a strange issue with a website: When I log in manually everything works as expected (I get logged in, no weird urls). But when I log in using 1Password's autofill, I do NOT get l...
browser extension
feature request
macos
  • 1P_Evon's avatar
    1P_Evon
    3 months ago

    Hello again, danito

    I’ve contacted our development team regarding this, and the problem stems from this specific website’s code. 

    This form is simply a `<form>` element lacking specific attributes. Without a method attribute, it defaults to `method= “get”`, which will direct the user to the specified path in the `action` attribute. 

    Moreover, the absence of Javascript listeners is linked to the clicking of the Sign-in button and the functionality of the auto-submit feature. 

    You can reproduce this without using 1Password at all if you select the Sign-in button in dev tools and type `$0.click()` in the console. That will run a `click` on the element you have selected in the Elements tab.

    Our development team is in the process of updating our website design documentation for developers to reflect best practices: https://developer.1password.com/docs/web/compatible-website-design/. 

    I hope that helps. Let me know if you have any further questions. 

    -Evon

danito's avatar
danito
Occasional Contributor
3 months ago

Thanks for looking into it! I will avoid using autosubmit/autofill for this website for now.

  • 1P_Evon's avatar
    1P_Evon
    Icon for 1Password Team rank1Password Team
    3 months ago

    Hello again, danito

    I’ve contacted our development team regarding this, and the problem stems from this specific website’s code. 

    This form is simply a `<form>` element lacking specific attributes. Without a method attribute, it defaults to `method= “get”`, which will direct the user to the specified path in the `action` attribute. 

    Moreover, the absence of Javascript listeners is linked to the clicking of the Sign-in button and the functionality of the auto-submit feature. 

    You can reproduce this without using 1Password at all if you select the Sign-in button in dev tools and type `$0.click()` in the console. That will run a `click` on the element you have selected in the Elements tab.

    Our development team is in the process of updating our website design documentation for developers to reflect best practices: https://developer.1password.com/docs/web/compatible-website-design/. 

    I hope that helps. Let me know if you have any further questions. 

    -Evon

    • danito's avatar
      danito
      Occasional Contributor
      3 months ago

      Thank you! I don't grasp what this means fully myself but I will forward it to the website's team.