Unsafe paste confirmation should not reveal contents in UI by default in secure input mode #4947

Closed
mitchellh opened this issue Jan 11, 2025 · 0 comments · Fixed by #6054

@mitchellh

Discussed in #4873

Originally posted by cryptocode January 9, 2025
In the image below (where I've cut off the password) I pasted a password with special characters for an ssh session, while in secure input "padlock mode".

The macOS secure input and padlock is a great feature that doesn't echo the password, so it's a bit of a bummer that the paste warning shows the password in clear text.

I feel like the warning should be suppressed, or at least not show the pasted value when in padlock mode.

image

Solution

We should send information along with the paste confirmation request of whether the paste contents are considered sensitive or part of secure input. If so, our UIs should hide the contents by default.

mitchellh added the gui (GUI or app issue regardless of platform, i.e. Swift, GTK) label Jan 11, 2025
mitchellh changed the title from "Unsafe paste should not reveal contents in UI by default in secure input mode" to "Unsafe paste confirmation should not reveal contents in UI by default in secure input mode" Jan 11, 2025
jcollie added a commit that referenced this issue Mar 5, 2025
Fixes #4947 for gtk
This PR implements the sensitive content hiding when displaying the paste
confirmation dialog in secure input mode.

Following changes are implemented:
- in the blueprint for each dialog add a show/hide button that is not
visible by default, and a Revealer that is revealed by default
- save the `secure_input` action value for each surface in the GTK apprt
- pass the value when initializing the paste confirmation dialog
- in the dialog code, alter the visibility of the content and
reveal/hide buttons based on secure input flag value

Demo:


https://github.com/user-attachments/assets/c91cbd3d-ed3b-464d-b4cf-e51fe7aa23b7

I feel like this is already a nearly full implementation, but I'm
leaving this as a draft for now, since I need to look into blueprints
for Adwaita 1.2, and verify if it behaves properly when the dialog is in
not-sensitive input mode and in OSC52 mode.
@github-actions github-actions bot added this to the 1.2.0 milestone Mar 5, 2025
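
A small model of the approach described in the issue and the referenced commit, added here as an illustration and not the project's code: the secure input flag is captured when the paste confirmation is requested, and the dialog hides the contents by default with an explicit show/hide toggle. The names `Surface`, `PasteRequest`, `PasteDialog` and `MASK` are hypothetical; the fixed-width mask and the `repr=False` field are added assumptions that keep the secret's length and value out of the UI and debug output.

```python
from dataclasses import dataclass, field

MASK = "\u2022" * 8  # fixed width: the placeholder must not leak the secret's length


@dataclass(frozen=True)
class PasteRequest:
    # repr=False keeps the pasted text out of debug logs and tracebacks
    contents: str = field(repr=False)
    secure_input: bool = False


class Surface:
    """Hypothetical terminal surface that tracks its secure input state."""

    def __init__(self) -> None:
        self.secure_input = False

    def request_paste_confirmation(self, contents: str) -> "PasteDialog":
        # Snapshot the flag when the request is made, so a later mode change
        # cannot flip an already-open dialog to showing the text.
        return PasteDialog(PasteRequest(contents, self.secure_input))


class PasteDialog:
    """Hypothetical view-model deciding what the confirmation dialog renders."""

    def __init__(self, request: PasteRequest) -> None:
        self.request = request
        self.revealed = not request.secure_input    # hidden by default when sensitive
        self.toggle_visible = request.secure_input  # show/hide button only when sensitive

    def toggle(self) -> None:
        if self.toggle_visible:
            self.revealed = not self.revealed

    def body_text(self) -> str:
        return self.request.contents if self.revealed else MASK


def demo() -> list[str]:
    surface = Surface()
    surface.secure_input = True
    dialog = surface.request_paste_confirmation("hunter2\n")  # constructed sample
    surface.secure_input = False  # mode changes while the dialog is open
    hidden = dialog.body_text()
    dialog.toggle()  # user explicitly asks to see the contents
    return [hidden, dialog.body_text()]
```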