🛡️ Sentinel: [MEDIUM] Fix sensitive credentials exposure in UI #82
bobdivx wants to merge 1 commit into
Changed sensitive text fields (TMDB API keys, Tracker Passkeys, C411 API keys) from `type="text"` to `type="password"` with `autoComplete="off"` to mitigate shoulder-surfing risks and prevent browser autofill from storing and exposing credentials. Co-authored-by: bobdivx <6737167+bobdivx@users.noreply.github.com>
Code Review
This pull request enhances security by converting sensitive input fields (API keys and passkeys) from text to password types and adding autocomplete attributes across various settings and setup components. The review feedback recommends using autoComplete="new-password" instead of "off" to more effectively prevent browser autofill. Additionally, a critical issue was identified in TmdbStep.tsx where the password type interferes with existing manual masking logic and requires an updated focus handler to prevent users from accidentally appending new keys to masked strings.
| <input | ||
| type="text" | ||
| type="password" | ||
| autoComplete="off" |
Switching to type="password" makes the manual masking logic (maskKeyPreview) counter-productive, as the browser now hides the characters that were intended to be a "preview".
More importantly, this component lacks the logic found in TmdbConfig.tsx to clear the masked value on focus. Since the field is now hidden, users won't realize they are appending their new key to the dummy masked string (e.g., abcd...wxyz), which will result in an invalid key being saved.
Consider updating the onFocus handler (line 309) to clear the value if it matches the masked pattern, and use autocomplete="new-password" to improve security.
| autoComplete="off" | |
| autoComplete="new-password" |
| <input | ||
| type="text" | ||
| type="password" | ||
| autoComplete="off" |
Modern browsers often ignore autocomplete="off" for password fields to avoid interfering with password managers. For sensitive API keys, using autocomplete="new-password" is generally more effective at preventing browsers from incorrectly autofilling saved site credentials into these fields.
| autoComplete="off" | |
| autoComplete="new-password" |
| <input | ||
| type="text" | ||
| type="password" | ||
| autoComplete="off" |
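Review bot: this hunk keeps `autoComplete="off"` on the new `type="password"` input; as noted on the earlier hunks, browsers commonly ignore "off" on password fields in favour of their password manager, so apply the same change here, replacing `autoComplete="off"` with `autoComplete="new-password"`.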
| <input | ||
| type="text" | ||
| type="password" | ||
| autoComplete="off" |
| <input | ||
| type="text" | ||
| type="password" | ||
| autoComplete="off" |
| <input | ||
| type="text" | ||
| type="password" | ||
| autoComplete="off" |
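Review bot: `type="password"` now hides whatever the user pastes into this field, so a long API key or passkey can no longer be checked by eye before it is saved; consider pairing the masked input with a show/hide toggle, and carry the `autoComplete="new-password"` suggestion from the earlier hunks over to this one so all the credential fields behave the same way.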
🚨 Severity: MEDIUM
💡 Vulnerability: Sensitive credentials like TMDB API Keys, Tracker Passkeys, and C411 API Keys were being rendered using standard `<input type="text">` fields. This exposed them in plain text on the screen (shoulder-surfing risk) and could lead to browsers inadvertently caching or auto-filling the values.
🎯 Impact: An attacker looking at a user's screen or gaining access to their browser's autofill data could steal these sensitive API tokens and passkeys.
🔧 Fix: Updated the relevant input fields in `TmdbConfig`, `TmdbStep`, `UploadAssistantPanel`, `UploadTrackerPanel`, and `UploadTrackersManagerPanel` to use `type="password"` and `autoComplete="off"`.
✅ Verification: Tested visually in the UI to confirm the fields are correctly masked and autocomplete behaviors are disabled. Build passes successfully.
PR created automatically by Jules for task 12500518152330368123 started by @bobdivx
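As an added example, not the project's own code, of the behaviour discussed in the review comment on TmdbStep.tsx and in the fix description above: the masked-preview logic, the focus handler that clears it so new input is not appended to the dummy string, and a save-time check that rejects a key typed after the mask. The mask format (first and last four characters around `...`), the function names and the `new-password` attribute choice are assumptions.

```typescript
// Added example, not the project's own code. The preview mask is assumed to be
// first four + "..." + last four characters, as in the reviewer's "abcd...wxyz".
const MASK_SEPARATOR = "...";
const MASK_EDGE = 4;

// Attributes a sensitive credential input should carry. "new-password" is used
// because browsers commonly ignore autocomplete="off" on password fields.
function sensitiveInputAttrs(): { type: string; autoComplete: string } {
  return { type: "password", autoComplete: "new-password" };
}

// Build the masked preview shown when a key is already stored.
function maskKeyPreview(key: string): string {
  if (key.length <= MASK_EDGE * 2) return MASK_SEPARATOR;
  return key.slice(0, MASK_EDGE) + MASK_SEPARATOR + key.slice(-MASK_EDGE);
}

// True when the field still shows the masked preview of the stored key.
function isMaskedPreview(value: string, storedKey: string): boolean {
  return storedKey !== "" && value === maskKeyPreview(storedKey);
}

// onFocus logic: clear the field when it holds the masked preview, so the user
// does not type a new key after a dummy string that type="password" hides.
function valueOnFocus(value: string, storedKey: string): string {
  return isMaskedPreview(value, storedKey) ? "" : value;
}

// What to persist on save. The untouched preview means "keep the stored key";
// a value that starts with the preview means input was appended to the mask.
type SaveResult =
  | { action: "keep" }
  | { action: "update"; key: string }
  | { action: "reject"; reason: string };

function resolveKeyOnSave(value: string, storedKey: string): SaveResult {
  if (storedKey !== "") {
    const preview = maskKeyPreview(storedKey);
    if (value === preview) return { action: "keep" };
    if (value.startsWith(preview)) {
      return { action: "reject", reason: "new key was appended to the masked preview" };
    }
  }
  if (value.trim() === "") return { action: "reject", reason: "empty key" };
  return { action: "update", key: value.trim() };
}
```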