bitwarden
Bitwarden preventing users to type into text inputs
Steps To Reproduce
Hi, we have recently shifted our team to Bitwarden and we are experiencing issues while trying to log into our own website (app.twenty.com) with the chrome extension enabled.
- Go to https://app.twenty.com
- Click on 'Continue With Email'
- Type: '[email protected]'
- Type 'Enter'
- Type any password
Repeat this until you face the bug (it appears to be a race condition so it won't happen everytime, however we managed to reproduce it quite often on two differents computers running the latest version of chrome and latest version of bitwarden chrome extension
Expected Result
You can type into the field freely
Actual Result
Sometimes, you cannot type in the email or password
Screenshots or Videos
https://github.com/bitwarden/clients/assets/12035771/34fb4e69-82fc-495e-aa66-8aecb2bf898b
Additional Context
We have investigated a bit and it seems to be related to a bug in the body mutation observer. It seems that this piece of code is triggered many times (100s) with a delete + re-add of bitwarden overlayButton for some reasons
Also here is the link to our GitHub as twenty is open-source. https://github.com/twentyhq/twenty
Operating System
macOS
Operating System Version
M2 Pro - 13.2.1 (22D68)
Web Browser
Chrome
Browser Version
121
Build Version
121.0.6167.184
Issue Tracking Info
- [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
Hi there,
Thank you for your report!
I have flagged this to our engineering team.
If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.
Thanks once again!
Thank you, we are also an open-source team, so let us know if you need a hand!
Hm, this was an interesting issue to observe and resolve.
So what's happening here is due to behavior that we have tied to an Enter keydown event on the input element. If a user enters their email and then presses Enter before the inline menu is fully built and injected into the DOM, a value is updated that indicates that the inline menu UI is "visible", but the element is not present in memory.
This is what causes the loop on the MutationObserver, our code is saying "This UI element is visible", while the actual UI element in memory hasn't been created/injected.
The interesting thing here is that this edge case shouldn't be happening due to how we handle injecting of the DOM elements on focus of the input fields. Not entirely sure how/why that ends up happening. Regardless, checking that the inline menu UI element exists in memory before attempting to validate visibility of the element fixes this problem. The fix for this can be see here - https://github.com/bitwarden/clients/pull/8104
I'm going to close this issue since we have a fix for this in code review, but please feel free to comment further. If we need to re-open this thread due to continued issues once this fix is in prod, we can do so.
Oh one note, if you'd like to mitigate this issue entirely in the meantime you can either set the inline autofill menu to a disabled state or set it to When auto-fill icon is selected, which should also resolve the issue.
This can be done by going to Settings > Autofill > Show auto-fill menu on form fields in the extension.
Honestly, so fast. Very happy with our choice to move to Bitwarden. Keep up the good work and thank you @cagonzalezcs.
@cagonzalezcs Thanks for the great explanations. Will the fix apply to all extensions? I'm experiencing this issue on Firefox (extension v2024.2.0).
@JessicaS11
The fix applies to all extensions and should be available with the release of extension v2024.4.0
I'm still having this issue on 2024.4.2. I've set the autofill on icon selected but issue still persists. this is happening on multiple sites and is resolved as soon as the Bitwarden extension is removed from chrome
https://github.com/bitwarden/clients/assets/5265846/215501d0-c552-4add-b2a8-aa09ac51fb2e
I'm having a similar issue. I can't click into any "email" inputs. Resolves on removing Bitwarden Chrome extension or using incognito browser. v2024.4.2
I've been using the Chrome extension for a while and never had this problem -- it just started yesterday or possible a few days prior (wasn't on the computer much last week)
Mac Apple M1 Pro 2014. Updated Chrome browser to latest, restarted computer, etc., still experiencing the issue.
https://github.com/bitwarden/clients/assets/78520107/686b2f45-f391-4bff-9b79-bc38f410d20e
@jflaflamme2 @aaron-mota
Interesting, I'm not able to replicate this behavior in either regard... including attempting to replicate this as described by users in other websites/browsers.
The original issue reported in this thread was due to a flaw in the inline menu implementation. If you turn that feature off, does the problem persist?
I'm having this issue in Windows; in all browsers. I get blocked from typing anything into the username or password field. If I disable the extension in the respective browser, it works fine.
@bigric68
As I mentioned in my previous post, still not able to replicate on my side.
Have you tried turning off the inline menu, as I suggested above? I'm trying to see if I can narrow down the feature that might be causing this problem.
@cagonzalezcs When I turn it "off", I no longer have the issue. When I have it set to the other options, the issue comes back.
Thank you for that @aaron-mota
Narrowing it down to that specific feature helps... still looking for a way to replicate the behavior on our side, but I'll provide an update on a resolution when possible.
For now, anyone having this issue should turn off the autofill inline menu feature.
I'm re-opening this issue to hopefully gather more feedback on this problem.
There are two scenarios where Bitwarden might attempt to blur a field in such a manner. The first is when we are filling form elements, which triggers a removal of the inline menu and any field that might be currently focused. We also trigger blurring of input elements as fields are being populated with autofill data.
The second scenario is anytime an excessive amount of mutations is encountered in the DOM in a very quick succession. This blurring would only trigger in the case where the inline menu is visible, and we do this to avoid programmatic hijacking of the inline menu elements.
The original fix for this issue implemented a redundant check to verify visibility of the inline menu elements as they were being injected into the DOM. We were seeing a very rare race condition where the inline menu could trigger a loop on the mutation observer. This happened due an issue with verifying the visibility of an inline menu element before it had completely loaded.
So with that said, we aren't really able to replicate this problem.... but I have a theory on why that might be the case. It's possible that another website script or extension script is attempting to modify the DOM in a way that affects our Mutation Observer implementation.
Because I'm unable to replicate this on the pages suggested by others.... I have a strong feeling that another extension content script is causing some kind of conflict in the manner previously described.
If anyone is comfortable with doing so.... could you please look into verifying if this problem exists with other extensions installed?
Does the issue exist when the Bitwarden extension is turned on by itself? (with the inline menu turned on). If you turn on another extension alongside Bitwarden, does the issue present itself?
@cagonzalezcs
Issue is resolved when autofill is turned all the way off not in "When autofill icon is selected" mode. I've tried the BETA version and the problem exist on that version too.
I've tried disabling all extensions on my chrome and re-enabling them one by one and the issue is there as soon as BW is activated even without any other extensions
For me this issue does not happen on all forms only some of them on some sites. For example on the CIS Workbench that I've included in my previous post. the login forms works well with no issue but the password reset page doesn't same thing on NinjaRMM.
Based on a Reddit post regarding this issue it seems that it is not happening on all browsers (https://www.reddit.com/r/Bitwarden/comments/1cvqqom/bitwarden_extension_causing_fields_to_lose_focus/)
This is occurring on other form fields too, such as SSN. I basically can’t click into anything when the extension is enabled. For me, it’s occurring on probably 80% or more of the sites.
From: Jean-Félix Laflamme @.> Sent: Monday, May 20, 2024 1:21 PM To: bitwarden/clients @.> Cc: Eric G. Burke @.>; Mention @.> Subject: Re: [bitwarden/clients] Bitwarden preventing users to type into text inputs (Issue #8093)
@cagonzalezcshttps://link.edgepilot.com/s/b62e4811/1BCAeeu1qkCxx9sLfwtGuw?u=https://github.com/cagonzalezcs
Issue is resolved when autofill is turned all the way off not in "When autofill icon is selected" mode. I've tried the BETA version and the problem exist on that version too.
I've tried disabling all extensions on my chrome and re-enabling them one by one and the issue is there as soon as BW is activated even without any other extensions
For me this issue does not happen on all forms only some of them on some sites. For example on the CIS Workbench that I've included in my previous post. the login forms works well with no issue but the password reset page doesn't same thing on NinjaRMM.
Based on a Reddit post regarding this issue it seems that it is not happening on all browsers (https://link.edgepilot.com/s/8f2612a1/37pRETH5Jk67lP4qSi9tlg?u=https://www.reddit.com/r/Bitwarden/comments/1cvqqom/bitwarden_extension_causing_fields_to_lose_focus/)
— Reply to this email directly, view it on GitHubhttps://link.edgepilot.com/s/406d63e1/YbvTV8lXhE_wwvuztUQk9Q?u=https://github.com/bitwarden/clients/issues/8093%23issuecomment-2120875561, or unsubscribehttps://link.edgepilot.com/s/c6123c01/GCA2hblRZ0G-RStK_Wv2rQ?u=https://github.com/notifications/unsubscribe-auth/AJYRVAH2I2CMXDN3B2VYHH3ZDIWJLAVCNFSM6AAAAABD2OFGFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRQHA3TKNJWGE. You are receiving this because you were mentioned.Message ID: @.@.>>
Ok, thank you for the context... we're still working on identifying a reason for this issue, but your feedback will help us narrow down why it might be happening.
Just saw your request for testing with other extensions. I’ll try to run through them later this evening in an effort to determine if there is a conflict. Appreciate the detailed follow-up!
Eric
From: Cesar Gonzalez @.> Sent: Monday, May 20, 2024 3:10 PM To: bitwarden/clients @.> Cc: Eric G. Burke @.>; Mention @.> Subject: Re: [bitwarden/clients] Bitwarden preventing users to type into text inputs (Issue #8093)
Ok, thank you for the context... we're still working on identifying a reason for this issue, but your feedback will help us narrow down why it might be happening.
— Reply to this email directly, view it on GitHubhttps://link.edgepilot.com/s/b49af6ca/2U_3K9FsgkmzWieZbLTR_A?u=https://github.com/bitwarden/clients/issues/8093%23issuecomment-2121041119, or unsubscribehttps://link.edgepilot.com/s/869ecfab/-n1oj-yZVkuUPQd26kKKYg?u=https://github.com/notifications/unsubscribe-auth/AJYRVABVQBZN5NGKHDJPRBDZDJDARAVCNFSM6AAAAABD2OFGFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRRGA2DCMJRHE. You are receiving this because you were mentioned.Message ID: @.@.>>
@jflaflamme2
I've tried disabling all extensions on my chrome and re-enabling them one by one and the issue is there as soon as BW is activated even without any other extensions
So are you saying that this issue appears when Bitwarden is setup as the only extension?
Those are seeing this issue, by chance are you using a web extension called Scribe?
https://chromewebstore.google.com/detail/scribe-ai-documentation-s/okfkdaglfjjjfefdcppliegebpoegaii
This extension was updated May 14th... and it seems like they've added a DOM injection behavior that directly conflicts with how our extension functions. This is the one way I've been able to re-create the issue recently encountered by users.
I use Scribe. Going to try disabling it now.
From: Cesar Gonzalez @.> Sent: Monday, May 20, 2024 4:04 PM To: bitwarden/clients @.> Cc: Eric G. Burke @.>; Mention @.> Subject: Re: [bitwarden/clients] Bitwarden preventing users to type into text inputs (Issue #8093)
Those are seeing this issue, by chance are you using a web extension called Scribe?
https://link.edgepilot.com/s/0feb88ad/ETUBv2mzS02_VYZ1mchRTA?u=https://chromewebstore.google.com/detail/scribe-ai-documentation-s/okfkdaglfjjjfefdcppliegebpoegaii
This extension was updated May 14th... and it seems like they've added a DOM injection behavior that directly conflicts with how our extension functions. This is the one way I've been able to re-create the issue recently encountered by users.
— Reply to this email directly, view it on GitHubhttps://link.edgepilot.com/s/9ee1a1f4/xCmWZWHx2Eimjhfq3Eut3A?u=https://github.com/bitwarden/clients/issues/8093%23issuecomment-2121118964, or unsubscribehttps://link.edgepilot.com/s/fd599ee6/woOwXc8jakOUU52OUXIbog?u=https://github.com/notifications/unsubscribe-auth/AJYRVAF3TASDQAXOXOM3E3TZDJJMDAVCNFSM6AAAAABD2OFGFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRRGEYTQOJWGQ. You are receiving this because you were mentioned.Message ID: @.@.>>
Bingo – Scribe seems to be the culprit for me…
From: Cesar Gonzalez @.> Sent: Monday, May 20, 2024 4:04 PM To: bitwarden/clients @.> Cc: Eric G. Burke @.>; Mention @.> Subject: Re: [bitwarden/clients] Bitwarden preventing users to type into text inputs (Issue #8093)
Those are seeing this issue, by chance are you using a web extension called Scribe?
https://link.edgepilot.com/s/0feb88ad/ETUBv2mzS02_VYZ1mchRTA?u=https://chromewebstore.google.com/detail/scribe-ai-documentation-s/okfkdaglfjjjfefdcppliegebpoegaii
This extension was updated May 14th... and it seems like they've added a DOM injection behavior that directly conflicts with how our extension functions. This is the one way I've been able to re-create the issue recently encountered by users.
— Reply to this email directly, view it on GitHubhttps://link.edgepilot.com/s/9ee1a1f4/xCmWZWHx2Eimjhfq3Eut3A?u=https://github.com/bitwarden/clients/issues/8093%23issuecomment-2121118964, or unsubscribehttps://link.edgepilot.com/s/fd599ee6/woOwXc8jakOUU52OUXIbog?u=https://github.com/notifications/unsubscribe-auth/AJYRVAF3TASDQAXOXOM3E3TZDJJMDAVCNFSM6AAAAABD2OFGFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRRGEYTQOJWGQ. You are receiving this because you were mentioned.Message ID: @.@.>>
Yep, I can confirm that on my side as well...
Looks like we're both competing to ensure our respective injected DOM element is the last listed element in a page's <body>....
I'll look into a resolution for this soon, will post an update when possible.
Also confirming -- I had Scribe extension, turning it off allows BW to work as it previously did.
Out of curiosity / for my own learning, how did you come across Scribe being the likely culprit?
Our CS team is awesome and eventually identified it as a commonality with customers who were looking for support regarding the issue.
We're in the home stretch of mv3 and as a result our team's attention is being split a bit. That said, I'll be looking to introduce a fix for this soon. For now, I'd definitely recommend turning off the inline menu until a future update of our extension (or turning off Scribe, whichever makes mores sense for you to do).
Same here, I also had the issue and the Scribe extension. Just disabled Scribe.
YES! it worked for me by disabling scribe and/or turning off autofill thanks @cagonzalezcs
@cagonzalezcs Interesting to read the issue here. Currently received an issue from our client that is using our checkout module on a webshop. The user indicated having this issue as well and is also using bw. Could you tell me what the status off this issue is?
@Remcospruijt
We just merged a fix for this into main yesterday. The details of that can be seen within this PR - https://github.com/bitwarden/clients/pull/9610
This fix will be going out in an upcoming release of the extension (not the next one, however).
I'm closing this thread for now as the issue should be resolved with that fix.