Fix TOTP detection that are password fields (like HackerOne).

Fixes keepassxreboot#2332
bwbroersma · Sep 7, 2024 · cde0aa8 · cde0aa8
1 parent aa288ff
commit cde0aa8
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/keepassxc-browser/content/fields.js b/keepassxc-browser/content/fields.js
@@ -20,7 +20,7 @@ kpxcFields.getAllCombinations = async function(inputs) {
             continue;
         }
 
-        if (input.getLowerCaseAttribute('type') === 'password') {
+        if (input.getLowerCaseAttribute('type') === 'password' && !kpxcTOTPIcons.isAcceptedTOTPField(input)) {
             const combination = {
                 username: (!usernameField || usernameField.size < 1) ? null : usernameField,
                 password: input,

diff --git a/keepassxc-browser/content/totp-field.js b/keepassxc-browser/content/totp-field.js
@@ -1,7 +1,7 @@
 'use strict';
 
-const ignoreRegex = /(bank|coupon|postal|user|zip).*code|comment|author|error/i;
-const ignoredTypes = [ 'email', 'password', 'username' ];
+const ignoreRegex = /(bank|coupon|postal|user|zip)((?!(\b|_)totp(\b|_)).)*code|comment|author|error/i;
+const ignoredTypes = [ 'email', 'username'];
 
 const acceptedOTPFields = [
     '2fa',