starred/cypht

Fork 0

mirror of https://github.com/cypht-org/cypht.git synced 2026-04-25 04:56:03 +03:00

[GH-ISSUE #1103] Javascript warnings when autocomplete (password saving) is enabled and cypht is running under https #571

New issue

Closed

opened 2026-02-25 21:35:23 +03:00 by kerem · 15 comments

kerem commented

2026-02-25 21:35:23 +03:00

Owner

Originally created by @seatimx on GitHub (Jun 27, 2024).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/1103

Originally assigned to: @christer77 on GitHub.

🐛 Bugreport

When password is saved (at least using Chrome) and cypht runs under https, there's a hidden text field that gets autofilled, therefore whenever you click on any link a javascript alert pops up warning about unsaved changes that will be lost.

Version & Environment

Version 2.1.0

Steps to reproduce

Install cypht
Add a SSL certificate
Create an account
Log in and save your password
Click on any link within cypht

Originally created by @seatimx on GitHub (Jun 27, 2024). Original GitHub issue: https://github.com/cypht-org/cypht/issues/1103 Originally assigned to: @christer77 on GitHub. ## 🐛 Bugreport When password is saved (at least using Chrome) and cypht runs under https, there's a hidden text field that gets autofilled, therefore whenever you click on any link a javascript alert pops up warning about unsaved changes that will be lost. ### Version & Environment Version 2.1.0 ### Steps to reproduce 1. Install cypht 2. Add a SSL certificate 3. Create an account 4. Log in and save your password 5. Click on any link within cypht

kerem closed this issue

2026-02-25 21:35:23 +03:00

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@christer77 commented on GitHub (Jun 28, 2024):

Well received, we are investing in it

@christer77 commented on GitHub (Jun 28, 2024): Well received, we are investing in it

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@seatimx commented on GitHub (Jun 29, 2024):

Just a comment, I've been able to solve this kind of issues with other systems (I would fix it in Cypht but I'm not familiar with the framework you're using) by passing the data from the hidden text field as content of a hidden div. Then I have javascript/jquery read the content of such hidden div so it can be posted...

@seatimx commented on GitHub (Jun 29, 2024): Just a comment, I've been able to solve this kind of issues with other systems (I would fix it in Cypht but I'm not familiar with the framework you're using) by passing the data from the hidden text field as content of a hidden div. Then I have javascript/jquery read the content of such hidden div so it can be posted...

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@marclaporte commented on GitHub (Jun 29, 2024):

We are not using an external framework on the back-end. Just standard PHP. And we we leverage a small number of libs via Packagist.org

For the front-end, there is a lot of Cypht-specific JavaScript. And we recently incorporated Bootstrap 5 but there is still some work to do, to fully leverage it.

@marclaporte commented on GitHub (Jun 29, 2024): We are not using an external framework on the back-end. Just standard PHP. And we we leverage a small number of libs via Packagist.org For the front-end, there is a lot of Cypht-specific JavaScript. And we recently incorporated Bootstrap 5 but there is still some work to do, to fully leverage it.

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@seatimx commented on GitHub (Jun 29, 2024):

I guess I fould a solution, but would like you to confirm...

To me, it seems like the problem lies in the line:

<input type="text" value="'.$this->html_safe($this->get('username', 'cypht_user')).'" autocomplete="username" style="display: none;"/>
Which can be found twice in modules/core/output_modules.php

Now, I've searched other files, and it seems like the username is retrieved from the session, not from the HTTP POST, so this line can be commented safely.

So far, I've commented both lines and tried saving settings a couple times, settings were saved and everything seems to be working fine.

However I don't know if removing that input line may cause other parts of Cypht to break.

@seatimx commented on GitHub (Jun 29, 2024): I guess I fould a solution, but would like you to confirm... To me, it seems like the problem lies in the line: `<input type="text" value="'.$this->html_safe($this->get('username', 'cypht_user')).'" autocomplete="username" style="display: none;"/> ` Which can be found twice in modules/core/output_modules.php Now, I've searched other files, and it seems like the username is retrieved from the session, not from the HTTP POST, so this line can be commented safely. So far, I've commented both lines and tried saving settings a couple times, settings were saved and everything seems to be working fine. However I don't know if removing that input line may cause other parts of Cypht to break.

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@christer77 commented on GitHub (Jun 29, 2024):

🐛 Bugreport

When password is saved (at least using Chrome) and cypht runs under https, there's a hidden text field that gets autofilled, therefore whenever you click on any link a javascript alert pops up warning about unsaved changes that will be lost.

Version & Environment

Version 2.1.0

Steps to reproduce

Install cypht

Add a SSL certificate

Create an account

Log in and save your password

Click on any link within cypht

Can you tell us what environment you were able to carry out this test on? On my side, I was able to test on a linux server with SSL and everything is good, in any case I don't get this warning when I click on any link.

@christer77 commented on GitHub (Jun 29, 2024): > ## 🐛 Bugreport > When password is saved (at least using Chrome) and cypht runs under https, there's a hidden text field that gets autofilled, therefore whenever you click on any link a javascript alert pops up warning about unsaved changes that will be lost. > > ### Version & Environment > Version 2.1.0 > > ### Steps to reproduce > 1. Install cypht > 2. Add a SSL certificate > 3. Create an account > 4. Log in and save your password > 5. Click on any link within cypht Can you tell us what environment you were able to carry out this test on? On my side, I was able to test on a linux server with SSL and everything is good, in any case I don't get this warning when I click on any link.

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@marclaporte commented on GitHub (Jun 29, 2024):

@seatimx Once @christer77 sees the issue, he will fix it.

Maybe you can come to https://gitter.im/cypht-org/community and coordinate with @christer77 for a screenshare session?

@marclaporte commented on GitHub (Jun 29, 2024): @seatimx Once @christer77 sees the issue, he will fix it. Maybe you can come to https://gitter.im/cypht-org/community and coordinate with @christer77 for a screenshare session?

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@seatimx commented on GitHub (Jun 30, 2024):

I've joined gitter.im using the same nickname as I do here @ github.

@seatimx commented on GitHub (Jun 30, 2024): I've joined gitter.im using the same nickname as I do here @ github.

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@christer77 commented on GitHub (Jul 1, 2024):

https://matrix.to/#/!SeNiIGzqZwRjAclUCr:gitter.im/$LJp7WS7JU3aLxJg01c76I0_Ccb6yidTf2aTXpzaMpZ8?via=gitter.im&via=matrix.org&via=coeus.ca

@christer77 commented on GitHub (Jul 1, 2024): https://matrix.to/#/!SeNiIGzqZwRjAclUCr:gitter.im/$LJp7WS7JU3aLxJg01c76I0_Ccb6yidTf2aTXpzaMpZ8?via=gitter.im&via=matrix.org&via=coeus.ca

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@marclaporte commented on GitHub (Aug 20, 2024):

@seatimx @christer77 What is the latest?

@marclaporte commented on GitHub (Aug 20, 2024): @seatimx @christer77 What is the latest?

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@seatimx commented on GitHub (Aug 20, 2024):

Didn't hear from @christer77 after we did the screen share session...

@seatimx commented on GitHub (Aug 20, 2024): Didn't hear from @christer77 after we did the screen share session...

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@marclaporte commented on GitHub (Oct 8, 2024):

@christer77 Please share summary of the conversation.

@marclaporte commented on GitHub (Oct 8, 2024): @christer77 Please share summary of the conversation.

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@christer77 commented on GitHub (Oct 9, 2024):

We had finished the screen sharing session with @seatimx . Right after, I already tried to reproduce this, but it was unsuccessful. If you don't mind, I can share with you an inbox subdomain, so we can redo the screen sharing while following your procedure to see how it will happen again.
What do you think?

@christer77 commented on GitHub (Oct 9, 2024): We had finished the screen sharing session with @seatimx . Right after, I already tried to reproduce this, but it was unsuccessful. If you don't mind, I can share with you an inbox subdomain, so we can redo the screen sharing while following your procedure to see how it will happen again. What do you think?

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@seatimx commented on GitHub (Oct 15, 2024):

If you want me to help, I'm more than willing.

@seatimx commented on GitHub (Oct 15, 2024): If you want me to help, I'm more than willing.

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@christer77 commented on GitHub (Oct 21, 2024):

https://matrix.to/#/!SeNiIGzqZwRjAclUCr:gitter.im/$RFa3bpuTWbm4fosnqjwpi65pXe4pVZ1rmCf7RO-rqFk?via=gitter.im&via=matrix.org&via=osba.nl

@christer77 commented on GitHub (Oct 21, 2024): https://matrix.to/#/!SeNiIGzqZwRjAclUCr:gitter.im/$RFa3bpuTWbm4fosnqjwpi65pXe4pVZ1rmCf7RO-rqFk?via=gitter.im&via=matrix.org&via=osba.nl

kerem commented

2026-02-25 21:35:24 +03:00

Author

Owner

@christer77 commented on GitHub (Jun 24, 2025):

Since the issue appears to be browser-related, we’re closing this for now, but @seatimx can reopen it if the problem persists after further testing.

@christer77 commented on GitHub (Jun 24, 2025): Since the issue appears to be browser-related, we’re closing this for now, but @seatimx can reopen it if the problem persists after further testing.