Make password inputs not give away how many characters were typed #12659

Merged
merged 1 commit into from Jun 8, 2022

jasongrout
Contributor

References

Adjusts the original password input implementation from #517 to not give away how many characters were typed.

Code changes

Make password inputs not give away how many characters were typed

This aligns with classic Jupyter Notebook behavior (always show 8 dots), and is generally a good security idea.

Also, this decouples the implementation of the HTML input widget and the notion of the input being a password input by storing the password field as a private attribute of the stdin control, rather than relying on how the input was created.

User-facing changes

Always show 8 dots as the value of the password input

Screen Shot 2022-06-06 at 18 31 35

Backwards-incompatible changes

This aligns with classic Jupyter Notebook behavior, and is generally a good security idea.

Also, this decouples the implementation of the HTML input widget and the notion of the input being a password input by storing the password field as a private attribute of the stdin control, rather than relying on how the input was created.
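
The behaviour described above, as an added sketch that is not the PR's or JupyterLab's own code: a per-character echo reveals the secret's length, a fixed mask does not, and a password flag held privately by the control still applies if the element's type changes later. All names (`StdinControl`, `echoPerChar`, `distinctEchoes`) and the `·` mask character are assumptions, and the HTML element is modelled as a plain object so the block runs under Node without a DOM.

```javascript
// Added illustration; names are hypothetical, not JupyterLab's API.
const MASK = '\u00b7'.repeat(8); // fixed width: always 8 dots

// Length-revealing echo: one dot per typed character.
function echoPerChar(value) {
  return '\u00b7'.repeat(value.length);
}

// Minimal stand-in for a stdin control. `input` models the HTML element
// as a plain object so the example runs without a DOM.
class StdinControl {
  #password; // decided by the input request, not read back from the element

  constructor({ prompt, password }) {
    this.prompt = prompt;
    this.#password = Boolean(password);
    this.input = { type: this.#password ? 'password' : 'text', value: '' };
  }

  // Returns what is sent as the reply and what stays visible in the output.
  submit() {
    const reply = this.input.value;
    const shown = this.#password ? MASK : reply;
    return { reply, echoed: this.prompt + shown };
  }
}

// Number of distinct renderings over secrets of length 0..maxLen.
// 1 means the rendering is independent of the secret's length.
function distinctEchoes(render, maxLen = 32) {
  const seen = new Set();
  for (let n = 0; n <= maxLen; n++) seen.add(render('x'.repeat(n)));
  return seen.size;
}

function echoFixed(value) {
  const ctl = new StdinControl({ prompt: 'Password: ', password: true });
  ctl.input.value = value;
  return ctl.submit().echoed;
}

// Constructed scenario: the element's type is changed after creation;
// the private flag still masks the echo.
function echoAfterTypeChange(value) {
  const ctl = new StdinControl({ prompt: 'Password: ', password: true });
  ctl.input.type = 'text';
  ctl.input.value = value;
  return ctl.submit().echoed;
}
```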

jasongrout added this to the 4.0 milestone Jun 7, 2022
fcollonval left a comment
Member

Thanks @jasongrout

CI failure is due to a flaky test and is unrelated.


github-actions bot commented Jun 7, 2022

Benchmark report

The execution times (in milliseconds) are grouped by test file, test type and browser.
For each case, the following values are computed: min <- [1st quartile - median - 3rd quartile] -> max.

The mean relative comparison is computed with 95% confidence.

Results table

| Test type | Browser | Measure | large_code_notebook | large_md_notebook |
| --- | --- | --- | --- | --- |
| open | chromium | actual | 14298 <- [14587 - 14714 - 14874] -> 15845 | 3373 <- [3513 - 3576 - 3637] -> 4338 |
| open | chromium | expected | 14117 <- [14443 - 14695 - 15189] -> 17551 | 3347 <- [3498 - 3540 - 3593] -> 3973 |
| open | chromium | Mean relative change | -1.1% ± 0.9% | 1.3% ± 1.0% |
| switch-from | chromium | actual | 620 <- [662 - 681 - 715] -> 1033 | 495 <- [526 - 541 - 562] -> 726 |
| switch-from | chromium | expected | 641 <- [672 - 700 - 739] -> 859 | 495 <- [519 - 532 - 549] -> 735 |
| switch-from | chromium | Mean relative change | -0.5% ± 2.6% | 2.8% ± 2.4% |
| switch-to | chromium | actual | 352 <- [417 - 461 - 484] -> 561 | 249 <- [848 - 869 - 914] -> 1212 |
| switch-to | chromium | expected | 336 <- [429 - 468 - 505] -> 573 | 292 <- [843 - 866 - 887] -> 1179 |
| switch-to | chromium | Mean relative change | -2.7% ± 2.6% | 3.9% ± 3.5% |
| close | chromium | actual | 1127 <- [1167 - 1193 - 1229] -> 1409 | 558 <- [604 - 627 - 647] -> 757 |
| close | chromium | expected | 1108 <- [1167 - 1200 - 1259] -> 1413 | 556 <- [600 - 613 - 631] -> 738 |
| close | chromium | Mean relative change | -1.1% ± 1.5% | 1.6% ± 1.6% |

Changes are computed with expected as reference.

fcollonval modified the milestones: 4.0.0, 3.4.x Jun 8, 2022
fcollonval merged commit dcd1941 into jupyterlab:master Jun 8, 2022

fcollonval
Member

@meeseeksdev please backport to 3.4.x

meeseeksmachine pushed a commit to meeseeksmachine/jupyterlab that referenced this pull request Jun 8, 2022
fcollonval pushed a commit that referenced this pull request Jun 8, 2022
…cters were typed (#12668)

Co-authored-by: Jason Grout <jasongrout@users.noreply.github.com>
hbcarlos pushed a commit to hbcarlos/jupyterlab that referenced this pull request Jun 10, 2022
…pyterlab#12659)

github-actions bot locked as resolved and limited conversation to collaborators Jun 9, 2023