Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Firefox
Firefox 77 won't truncate text exceeding max length to address password pasting issues
Message
<blockquote data-quote="CyberTech" data-source="post: 883386" data-attributes="member: 67474"><p>Mozilla plans to address an annoying issue in Firefox 77 related to pasting on sites that set a maxlength attribute to prevent password truncation when submitting form data.</p><p></p><p>Imagine the following scenario: you use a password manager to generate secure passwords when you sign-up for a service on the Internet or change an existing account password. Your expectation is that the entire password is pasted into the password field and submitted to the server.</p><p></p><p>If the developer of the site set a maxlength attribute for the password field, the pasted password will get truncated automatically. The truncated password is submitted to the server and accepted as the user password. When you then try to sign-in to the service, you will notice that the original password is not accepted because of the truncation.</p><p></p><p>Most sites don't reveal to the user that the password or other text has been truncated; this is especially problematic for passwords as you cannot easily verify the input unless a "reveal" option is attached to the field.</p><p></p><p>Mozilla found a solution for the issue that won't change site functionality but addresses the underlying issue. Firefox will mark the form control as invalid when a string that has been entered into the field exceeds the maximum length attribute (if set). The user will be notified about the issue so that it can be corrected before the data is sent to the server.</p><p></p><p>Firefox displays a red border around the field and a message that informs the user about the issue, e.g. "Please shorten this text to XYZ characters or less (you are currently using ABC characters" and paints a red border around the password field to highlight the problem.</p><p></p><p>The form cannot be submitted until the issue has been resolved; this usually means changing the entered text to match the maximum length attribute of the field.</p><p></p><p>Mozilla's solution prevents that the server receives a longer than expected password or string.</p><p></p><p>Firefox users may turn off the new behavior by setting the new preference editor.truncate_user_pastes to TRUE.</p><ol> <li data-xf-list-type="ol">Load about:config in the Firefox address bar (make sure you run Firefox 77 or newer).</li> <li data-xf-list-type="ol">Search for editor.truncate_user_pastes.<ol> <li data-xf-list-type="ol">Set the value to TRUE to disable the functionality.</li> <li data-xf-list-type="ol">Set the value to FALSE to enable it (default).</li> </ol></li> </ol><p>You can check out the <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1320229" target="_blank">bug on</a> Mozilla here for additional information on the implementation.</p><p></p><p>[URL unfurl="true"]https://www.ghacks.net/2020/05/18/firefox-77-wont-truncate-text-exceeding-max-length-to-address-password-pasting-issues/[/URL]</p></blockquote><p></p>
[QUOTE="CyberTech, post: 883386, member: 67474"] Mozilla plans to address an annoying issue in Firefox 77 related to pasting on sites that set a maxlength attribute to prevent password truncation when submitting form data. Imagine the following scenario: you use a password manager to generate secure passwords when you sign-up for a service on the Internet or change an existing account password. Your expectation is that the entire password is pasted into the password field and submitted to the server. If the developer of the site set a maxlength attribute for the password field, the pasted password will get truncated automatically. The truncated password is submitted to the server and accepted as the user password. When you then try to sign-in to the service, you will notice that the original password is not accepted because of the truncation. Most sites don't reveal to the user that the password or other text has been truncated; this is especially problematic for passwords as you cannot easily verify the input unless a "reveal" option is attached to the field. Mozilla found a solution for the issue that won't change site functionality but addresses the underlying issue. Firefox will mark the form control as invalid when a string that has been entered into the field exceeds the maximum length attribute (if set). The user will be notified about the issue so that it can be corrected before the data is sent to the server. Firefox displays a red border around the field and a message that informs the user about the issue, e.g. "Please shorten this text to XYZ characters or less (you are currently using ABC characters" and paints a red border around the password field to highlight the problem. The form cannot be submitted until the issue has been resolved; this usually means changing the entered text to match the maximum length attribute of the field. Mozilla's solution prevents that the server receives a longer than expected password or string. Firefox users may turn off the new behavior by setting the new preference editor.truncate_user_pastes to TRUE. [LIST=1] [*]Load about:config in the Firefox address bar (make sure you run Firefox 77 or newer). [*]Search for editor.truncate_user_pastes. [LIST=1] [*]Set the value to TRUE to disable the functionality. [*]Set the value to FALSE to enable it (default). [/LIST] [/LIST] You can check out the [URL='https://bugzilla.mozilla.org/show_bug.cgi?id=1320229']bug on[/URL] Mozilla here for additional information on the implementation. [URL unfurl="true"]https://www.ghacks.net/2020/05/18/firefox-77-wont-truncate-text-exceeding-max-length-to-address-password-pasting-issues/[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top