No longer announce final character of Windows 10 security PIN#7989
Conversation
…s isProtected property. However, the isProtected property now also cashes any positive result. I.e. If the object has protected at least once, then it stays protected for its lifetime. Fixes #7908
|
@michaelDCurran commented on 12 feb. 2018 05:19 CET:
I belief one occurence of a field that can be changed between protected and unprotected is the wireless password field in Windows 7. More interesting is the fact that Windows 10 sometimes tells me on a password field that I can press alt+f8 to show the password, but that has never worked for me. This pr might make this even less likely to work correctly? |
|
Making the wireless password unprotected would require moving the focus,
which then will use a new object. Thus it is not an issue.
Pressing alt+f8 to show the password: I have never managed to get this
to work either.
|
|
Hi, can we also try testing this on Windows 8.x as well, as these releases also let you use a pin to sign in? Thanks.
|
|
I tested this on a Windows 8 VM, and was happy with the result. |
| focusObject=getFocusObject() | ||
| if focusObject and (controlTypes.STATE_PROTECTED in focusObject.states or focusObject.role==controlTypes.ROLE_PASSWORDEDIT): | ||
| if focusObject and focusObject.isProtected: | ||
| return True |
There was a problem hiding this comment.
I do not care much, but you could as well just return bool(focusObject and focusObject.isProtected) here and avoid the if check? I know, really trivial.
Link to issue number:
Fixes #7908
Summary of the issue:
Some PIN code fields (such as in the Windows 10 Sign screen) disappear as soon as the last number is entered. As NVDA interigates the control each time a character is typed to see if the control is protected (in order to suppress reporting the number), the last number is usually reported as the control is dlying or has disappeared by the time NVDA asks.
Note however that focus has not yet moved to something else -- the control has mearly died.
Description of how this pull request fixes the issue:
Logic has been moved from api.isTypingProtected() into the base NVDAObject's isProtected property, which api.isTypingProtected() now checks.
The isProtected property now also caches any positive result, meaning that if the object is found to be protected at least once, then it will stay protected for the rest of its lifetime.
We do not cache any result, as it is possible that an object may first report as not protected and then become protected. for security reasons, we always want to bias this to being protected.
Testing performed:
With speak typed characters on:
Known issues with pull request:
We could special case this for the Windows 10 signin PIN field: but the major risk is that Microsoft may change the class name at any stage, therefore suddely unprotecting PINs with NVDA. The current solution protects against any similar usage pattern of a protected field disappearing on the final character.
An annoyence could be that there is a control that deliberately becomes unprotected after entering certain information. Unless the user moves focus away and back again, all further characters will be announced as "start". But I think this is a small price to pay for the removal of the above security risk.
Change log entry:
Bug fixes: