From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <eklhad@comcast.net>
Received: from resqmta-ch2-04v.sys.comcast.net
 (resqmta-ch2-04v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:36])
 by hurricane.the-brannons.com (Postfix) with ESMTPS id 3FCA17A514
 for <edbrowse-dev@lists.the-brannons.com>;
 Sun,  9 Jul 2017 14:44:32 -0700 (PDT)
Received: from resomta-ch2-15v.sys.comcast.net ([69.252.207.111])
 by resqmta-ch2-04v.sys.comcast.net with ESMTP
 id UK0td0FCWscOQUK0wdDfUw; Sun, 09 Jul 2017 21:45:14 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net;
 s=q20161114; t=1499636714;
 bh=mkKpdd4rSHE4V4H5Yenng3XaB3xTDFd8jeNxo734c9Q=;
 h=Received:Received:To:From:Reply-to:Subject:Date:Message-ID:
 Mime-Version:Content-Type;
 b=iUPVwpfjKtlE8928HQmAGDaS5tMp27+M7nyi0UwbZ7pcCnhg7B3qlA6NeAimUC0gV
 iHbOZLly0Rjy5HLaK7+CZv+6yPMrKyHUOyUAmN3ZHJWJI+X02iEjTn89i4S9pp3iIe
 1olVp8u1Dhn55Z42J9oi6MiPs2U9c4P71bIRZ/A9kGm8KmrqSQYyiKHxOPNeI/eKps
 g5erwRicZMfOQ4ReoTlpa/RVgrP3I+XprsX/AVakcN1paV0ua2X4S7UZLvP+aA02yH
 STWd6GwvODc2dDR4rsbS01ui8Elgi5hdqlW2GmgBbBnPEomu0ASA4SGa9vDa3iI5LQ
 VAB9skrUhgHfQ==
Received: from unknown ([IPv6:2601:408:c301:784d:21e:4fff:fec2:a0f1])
 by resomta-ch2-15v.sys.comcast.net with SMTP
 id UK0vdNRnajSUOUK0wdAOiz; Sun, 09 Jul 2017 21:45:14 +0000
To: Edbrowse-dev@lists.the-brannons.com
From: Karl Dahlke <eklhad@comcast.net>
Reply-to: Karl Dahlke <eklhad@comcast.net>
References: <20170703051927.GA1994@nautica> <20170709144030.GA24038@nautica>
User-Agent: edbrowse/3.6.3+
Date: Sun, 09 Jul 2017 17:45:13 -0400
Message-ID: <20170609174513.eklhad@comcast.net>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=nextpart-eb-734748
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4wfHIyyNi0oj6nS0RK0fb9YoO7aCMz4TnfIMEdxLzabEfW6Uwea1J7WsHd/cXWu1TgSotqEEIReMB6X4+Zw6IFruhsc5vIKVA5/qvO6265mvQgTZ0UTNNx
 r34SEVbJI/pG89WYfWY0szY3odNrzkYGrmSRRqTjNmBM6AcR0wSZVScm
Subject: [Edbrowse-dev] Disabling local echo for password fields
X-BeenThere: edbrowse-dev@lists.the-brannons.com
X-Mailman-Version: 2.1.24
Precedence: list
List-Id: Edbrowse Development List <edbrowse-dev.lists.the-brannons.com>
List-Unsubscribe: <http://lists.the-brannons.com/mailman/options/edbrowse-dev>, 
 <mailto:edbrowse-dev-request@lists.the-brannons.com?subject=unsubscribe>
List-Archive: <http://lists.the-brannons.com/mailman/private/edbrowse-dev/>
List-Post: <mailto:edbrowse-dev@lists.the-brannons.com>
List-Help: <mailto:edbrowse-dev-request@lists.the-brannons.com?subject=help>
List-Subscribe: <http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev>, 
 <mailto:edbrowse-dev-request@lists.the-brannons.com?subject=subscribe>
X-List-Received-Date: Sun, 09 Jul 2017 21:44:32 -0000

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--nextpart-eb-734748
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

I got the patch out of github, it will take a while to look through, =
not a lot of code but a lot of little changes all over the place.
Here is the ipass block with some thoughts.

 /* special command for hidden input */
 if (!strncmp(line, "ipass", 5)) {
 char *p, *c;
 char buffer[MAXUSERPASS];
 int realtotal;
 if (!cw->browseMode && (cmd =3D=3D 'i' || cx)) {
#  why query cmd and cx, neither has been set to anything at this point.
#  cmd is the default p for print, I think.
 setError(MSG_NoBrowse);
 return false;
 }
 if (endRange > startRange && cmd =3D=3D 'i') {
#  again, cmd will not be set to i.
#  Did you test all these cases?  1,3ipass will probably not fall into =
this
#  block the way you want it to. You should test every pathway.
 setError(MSG_RangeI, c);
#  c has not been set.
# setError(MSG_RangeI, '=3D');
 return false;
 }

 s =3D line + 5;
#  is cx set to 0 at this point? I think so.
 if (isdigitByte(*s))
 cx =3D strtol(s, (char **)&s, 10);
 else if (*s =3D=3D '$')
 cx =3D -1, ++s;
 /* XXX try to guess cx if only one password input field? */

 cw->dot =3D endRange;
 p =3D (char*)fetchLine(cw->dot, -1);
 findInputField(p, 1, cx, &n, &realtotal, &tagno);
 debugPrint(5, "findField returns %d.%d", n, tagno);
 if (!tagno) {
 fieldNumProblem(0, "ipass", cx, n, realtotal);
 return false;
 }

 prompt_and_read(MSG_Password, buffer, MAXUSERPASS,
 MSG_PasswordLong, true);

 tagList[tagno]->itype =3D INP_PW;
#  Hold it! I have a real problem overriding the html tag type.
#  Mostly on philosophical grounds. I think others will as well.
#  Chris says it is always password when it's suppose to be a password,
#  almost always, so don't think we should change it.
#  In an extreme case it could have been a select list, menu of choices,
#  and now it's just a password text field and I'm sure that will
#  make something blow up somewhere.

 rc =3D infReplace(tagno, buffer, true);
 return rc;
 }

I haven't looked at the other routines.
edbrowse is a fragile thing, maybe because it isn't coded well,
I admit that, it just means we have to look at each line of code as it =
walks in the door.

Karl Dahlke

--nextpart-eb-734748--