My browser tries to autofill my password in Replit's secrets UI

9pfs1 · May 15, 2023, 10:52pm

Problem description:
Replit makes my browser think that it’s a good idea to autofill my Replit password in the secrets UI.

Expected behavior:
My browser doesn’t try to put my password in secrets automatically.

Actual behavior:
Replit makes my browser think that my password belongs in secrets, as shown in this screenshot (I made it narrow for security).

Steps to reproduce:

Open any repl’s secrets tab using Chromium.
Watch Chromium incorrectly think that the secrets field is a password input (and potentially leak your password).

Bug appears at this link:
Any Replit editor page

Browser/OS/Device:

Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36

ShaneAtReplit · May 16, 2023, 6:00pm

Thank you for reporting this. It appears that this might be related to Code search tab autofills saved usernames as well.

We will look into this and will follow up as soon as we have an update!

IroncladDev · May 17, 2023, 8:01pm

Created a fix for this. Should land in prod in the next couple of days

EnZon3 · May 18, 2023, 12:58pm

Did you also fix the code search box too?

IroncladDev · May 18, 2023, 1:20pm

Not yet, will make a PR when I have time

9pfs1 · June 19, 2023, 8:29am

It seems like the bug still occurs.

IroncladDev · June 20, 2023, 2:44pm

Noted, will TAL in a bit

9pfs1 · June 20, 2023, 3:12pm

Code Search is also still broken.

IroncladDev · June 21, 2023, 1:32pm

Just fixed this issue

IroncladDev · June 21, 2023, 1:32pm

Code search? Screenshot please.