-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Undo can reveal the password #49
Comments
Can you provide steps to reproduce this bug? |
Sure. This bug issue was open long ago, but the bug still exists, although slightly differently than the version I reported: now undoing once is enough to reveal the password. More precisely, to reproduce the bug, follow these steps
|
OK, I've submitted PR #60 which fixes this issue but it may be too extreme as you will not be able to undo other changes in the buffer that you may want to. |
This seems indeed a bit too extreme. The fact that you can accidentally reveal the password with undo is a problem only for those who actually use undo in these buffers (and that do so despite the mild risk). For this reason, I think that removing the undo altogether is counterproductive, because it "solves" a problem only for those who actually want to undo. I think the proper solution would be to make the password visibility toggle not count as an undoable action, if possible. |
Any changes to the list in the body of the `let' get clobbered when the original list is restored. Fixes: NicolasPetton#49
When editing a password, doing undo twice right away reveals the password. This may lead to unwanted password leakage, by pressing undo many times to get to the original state.
The text was updated successfully, but these errors were encountered: