Replit makes my browser think that it’s a good idea to autofill my Replit password in the secrets UI.
My browser doesn’t try to put my password in secrets automatically.
Replit makes my browser think that my password belongs in secrets, as shown in this screenshot (I made it narrow for security).
Steps to reproduce:
- Open any repl’s secrets tab using Chromium.
- Watch Chromium incorrectly think that the secrets field is a password input (and potentially leak your password).
Bug appears at this link:
Any Replit editor page
Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/18.104.22.168 Safari/537.36