Bug 1688209 - Prevent simple hidden fields from being eligible for autofill. r=dimi

Prevent simple hidden fields from being eligible for autofill. 'Simple' in this case means fields that have the hidden attribute or 'display:none' inline property. Differential Revision: https://phabricator.services.mozilla.com/D120669
2021-08-30 15:17:39 +00:00 · 2021-08-30 15:17:39 +00:00 · c9d617afa2
--- a/browser/extensions/formautofill/test/unit/test_autofillFormFields.js
+++ b/browser/extensions/formautofill/test/unit/test_autofillFormFields.js
@ -328,6 +328,39 @@ const TESTCASES = [
      "cc-exp-year": "25",
    },
  },
+  {
+    description:
+      "Form with hidden input and visible input that share the same autocomplete attribute",
+    document: `<form>
+               <input id="hidden-cc" autocomplete="cc-number" hidden>
+               <input id="hidden-cc-2" autocomplete="cc-number" style="display:none">
+               <input id="visible-cc" autocomplete="cc-number">
+               <input id="hidden-name" autocomplete="cc-name" hidden>
+               <input id="hidden-name-2" autocomplete="cc-name" style="display:none">
+               <input id="visible-name" autocomplete="cc-name">
+               <input id="cc-exp-month" autocomplete="cc-exp-month">
+               <input id="cc-exp-year" autocomplete="cc-exp-year">
+               </form>`,
+    focusedInputId: "visible-cc",
+    profileData: {
+      guid: "123",
+      "cc-number": "4111111111111111",
+      "cc-name": "test name",
+      "cc-exp-month": 6,
+      "cc-exp-year": 25,
+    },
+    expectedResult: {
+      guid: "123",
+      "visible-cc": "4111111111111111",
+      "visible-name": "test name",
+      "cc-exp-month": "6",
+      "cc-exp-year": "25",
+      "hidden-cc": undefined,
+      "hidden-cc-2": undefined,
+      "hidden-name": undefined,
+      "hidden-name-2": undefined,
+    },
+  },
 ];

 const TESTCASES_INPUT_UNCHANGED = [
--- a/browser/extensions/formautofill/test/unit/test_isFieldEligibleForAutofill.js
+++ b/browser/extensions/formautofill/test/unit/test_isFieldEligibleForAutofill.js
@ -1,7 +1,7 @@
 "use strict";

 var FormAutofillUtils;
-add_task(async function seutp() {
+add_task(async function setup() {
  ({ FormAutofillUtils } = ChromeUtils.import(
    "resource://autofill/FormAutofillUtils.jsm"
  ));
--- a/toolkit/components/formautofill/FormAutofillUtils.jsm
+++ b/toolkit/components/formautofill/FormAutofillUtils.jsm
@ -437,6 +437,25 @@ this.FormAutofillUtils = {
    return doc.querySelectorAll("input, select");
  },

+  /**
+   *  Determines if an element is visually hidden or not.
+   *
+   * NOTE: this does not encompass every possible way of hiding an element.
+   * Instead, we check some of the more common methods of hiding for performance reasons.
+   * See Bug 1727832 for follow up.
+   * @param {HTMLElement} element
+   * @returns {boolean}
+   */
+  isFieldVisible(element) {
+    if (element.hidden) {
+      return false;
+    }
+    if (element.style.display == "none") {
+      return false;
+    }
+    return true;
+  },
+
  ALLOWED_TYPES: ["text", "email", "tel", "number", "month"],
  isFieldEligibleForAutofill(element) {
    let tagName = element.tagName;
@ -445,6 +464,10 @@ this.FormAutofillUtils = {
      if (!this.ALLOWED_TYPES.includes(element.type)) {
        return false;
      }
+      // If the field is visually invisible, we do not want to autofill into it.
+      if (!this.isFieldVisible(element)) {
+        return false;
+      }
    } else if (tagName != "SELECT") {
      return false;
    }