I am trying out “TextExpander” because I was having a problem with Typeit4me where it would stop working often with no reason. The TextExpander folks got back to me quickly with an explanation and I have to assume it is affecting many people. There is a bug in Firefox and Chrome where they enable secure input but don’t disable it.
This bug is particularly infuriating because it doesn’t seem clear to the end user what causes it. However, it does have a cause, a workaround, and it does seem to be getting some traction from the Mozilla folks.
When these browsers display a password field, they turn on secure event input so that no one, including TextExpander, can peek at your passwords. Problem is, if you use the Return key to submit a form from within its secure field, they won’t turn secure event input off. This appears to be a bug they’ve inherited from some Firefox code they use.
The workaround is to use the submit button rather than using Return in the password field. 1Password is similarly affected by this bug. The workaround there is to turn off auto-submit and just use auto-fill then press the button to submit.
THE SOLUTION: Usually when you quit the application that enabled secure input (permanently) it will be disabled and all will be back to normal.
When editing a password field on the Mac, Firefox ultimately calls EnableSecureEventInput to prevent other input managers from sniffing the user’s password. If I exit the password field by clicking in another field, or by clicking the “submit” button, then Firefox properly calls DisableSecureEventInput. However, if I exit the password field by hitting return (thereby submitting the form), then DisableSecureEventInput is not called, and other input managers on the system are permanently locked out of keyboard input.
Steps to Reproduce:
- create a form that has an input field of type “password” and an input of type “submit”
- use Firefox, and type in the password form
- set a breakpoint on DisableSecureEventInput
- exit the form by hitting return
Actual Results: DisableSecureEventInput is not called, and other input managers are locked out of keyboard input
via Bug 556873 – exiting a password field by pressing return fails to disable secure entry mode.
Feel free to vote it up….
and after I use TextExpander a while longer I will comment in more detail about how it compares. so far it seems to be faster and not stumble on replacements when I type fast.