🛡️ Sentinel: [MEDIUM] Fix physical exposure of sensitive credentials#96
🛡️ Sentinel: [MEDIUM] Fix physical exposure of sensitive credentials#96bobdivx wants to merge 1 commit into
Conversation
Changes input types from "text" to "password" and adds "autoComplete=off" for sensitive credentials like TMDB API Keys and Tracker Passkeys to prevent shoulder-surfing and browser autofill leakage. Co-authored-by: bobdivx <6737167+bobdivx@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request enhances security by masking sensitive input fields (such as TMDB API keys and tracker passkeys) using type="password" and autoComplete="off", and documents this security standard in the sentinel journal. The reviewer suggests using autoComplete="new-password" instead of autoComplete="off" across all updated components and the sentinel journal, as modern browsers often ignore off for password inputs to support password managers.
| type="password" | ||
| autoComplete="off" |
There was a problem hiding this comment.
Modern browsers (such as Chrome, Firefox, and Safari) often ignore autoComplete="off" on type="password" inputs to ensure that password managers can still function. To reliably prevent the browser from autofilling or suggesting saved credentials in non-login sensitive fields (like API keys or passkeys), it is highly recommended to use autoComplete="new-password" instead.
| type="password" | |
| autoComplete="off" | |
| type="password" | |
| autoComplete="new-password" |
| type="password" | ||
| autoComplete="off" |
There was a problem hiding this comment.
Modern browsers often ignore autoComplete="off" on type="password" inputs. To reliably prevent browser autofill on sensitive fields that are not standard login passwords (such as API keys or passkeys), use autoComplete="new-password" instead.
| type="password" | |
| autoComplete="off" | |
| type="password" | |
| autoComplete="new-password" |
| type="password" | ||
| autoComplete="off" |
There was a problem hiding this comment.
Modern browsers often ignore autoComplete="off" on type="password" inputs. To reliably prevent browser autofill on sensitive fields that are not standard login passwords (such as API keys or passkeys), use autoComplete="new-password" instead.
| type="password" | |
| autoComplete="off" | |
| type="password" | |
| autoComplete="new-password" |
| type="password" | ||
| autoComplete="off" |
There was a problem hiding this comment.
Modern browsers often ignore autoComplete="off" on type="password" inputs. To reliably prevent browser autofill on sensitive fields that are not standard login passwords (such as API keys or passkeys), use autoComplete="new-password" instead.
| type="password" | |
| autoComplete="off" | |
| type="password" | |
| autoComplete="new-password" |
| type="password" | ||
| autoComplete="off" |
There was a problem hiding this comment.
Modern browsers often ignore autoComplete="off" on type="password" inputs. To reliably prevent browser autofill on sensitive fields that are not standard login passwords (such as API keys or passkeys), use autoComplete="new-password" instead.
| type="password" | |
| autoComplete="off" | |
| type="password" | |
| autoComplete="new-password" |
| type="password" | ||
| autoComplete="off" |
There was a problem hiding this comment.
Modern browsers often ignore autoComplete="off" on type="password" inputs. To reliably prevent browser autofill on sensitive fields that are not standard login passwords (such as API keys or passkeys), use autoComplete="new-password" instead.
| type="password" | |
| autoComplete="off" | |
| type="password" | |
| autoComplete="new-password" |
| type="password" | ||
| autoComplete="off" |
There was a problem hiding this comment.
Modern browsers often ignore autoComplete="off" on type="password" inputs. To reliably prevent browser autofill on sensitive fields that are not standard login passwords (such as API keys or passkeys), use autoComplete="new-password" instead.
| type="password" | |
| autoComplete="off" | |
| type="password" | |
| autoComplete="new-password" |
| ## 2026-05-30 - Prevent Physical Exposure of Sensitive Credentials | ||
| **Vulnerability:** Sensitive credentials like TMDB API keys, Tracker Passkeys, and Custom Indexer API keys were exposed using `<input type="text">`, allowing physical security breaches such as shoulder-surfing or browser autofill leakage. | ||
| **Learning:** Even in authenticated or local-first environments, high-value credentials must be masked by default because physical exposure is a valid attack vector. Relying on manually blurring or "hiding" text after entry is insufficient. | ||
| **Prevention:** Always use `<input type="password">` with `autoComplete="off"` for sensitive credentials in frontend components. If user visibility is needed during entry, provide a dedicated 'Show/Hide' toggle rather than defaulting to plaintext. |
There was a problem hiding this comment.
Update the prevention guidelines in the sentinel journal to recommend autoComplete="new-password" instead of autoComplete="off" for better alignment with modern browser behaviors regarding password inputs.
| **Prevention:** Always use `<input type="password">` with `autoComplete="off"` for sensitive credentials in frontend components. If user visibility is needed during entry, provide a dedicated 'Show/Hide' toggle rather than defaulting to plaintext. | |
| **Prevention:** Always use `<input type="password">` with `autoComplete="new-password"` for sensitive credentials in frontend components. If user visibility is needed during entry, provide a dedicated 'Show/Hide' toggle rather than defaulting to plaintext. |
1 participant
🚨 Severity: MEDIUM
💡 Vulnerability: Sensitive credentials like TMDB API keys, Tracker Passkeys, and Custom Indexer API keys were exposed in plaintext using
<input type="text">. This allowed for physical security breaches such as shoulder-surfing or unintentional exposure via browser autofill leakage.🎯 Impact: An attacker with physical proximity or a malicious script accessing browser autofill could capture high-value API keys and passkeys, potentially leading to unauthorized access to the user's external services.
🔧 Fix: Changed the
typeattribute from"text"to"password"and addedautoComplete="off"for all sensitive credential inputs inTmdbConfig,TmdbStep,UploadAssistantPanel,UploadTrackersManagerPanel, andUploadTrackerPanel. Also documented this physical exposure vector in the Sentinel journal.✅ Verification: Verified the UI changes locally, confirmed that passwords are now masked by default, and ensured that the frontend builds and unit tests pass successfully.
PR created automatically by Jules for task 13795378355631650782 started by @bobdivx