The Kee Chrome Extension breaks Discuz!X3.4 site https://iya.app

compatibility

#1

IYA.APP is a Chinese forum site powered by Discuz! version X3.4. (The site does not support registering recently, but the issue can be reproduced without an account.)

Expected Behavior

Without Kee enabled, if I click the login button, there should be a normal login forum.

The Behavior with Kee Enabled

With Kee enabled, clicking the login button results in a gray shadow, with a “loading” information on the top right corner.
The HAR is uploading.

I have disabled every other extension and tested with only Kee. I’m sure Kee’s injection broke the site.


#2

With Kee disabled, screenshot:


#3

The HAR of incorrect behavior, uploaded to gist


#4

Did you mean disabled? It looks like the login form is showing correctly in your screenshot?

Do you know if the problem also occurs in Firefox?


#5

I’m sorry. You’re right.
With Kee enabled:


The text on the top-right corner reads “Please wait”


#6

Also, if I lock the database in KeePass (which means the Kee plugin displays “OFF”), the forum loads correctly.


#7

The similar problem occurs in Firefox.
I tested on Firefox 65.0.1 and Chrome Stable 72.0.3626.109, both x64, on Windows 1809 17758.4.


#8

I can’t reproduce this problem with the Kee 3.0 beta on Firefox 66. Either it’s something I’ve fixed in that version or some other software is causing a compatibility problem. Please can you check with Kee 3.0 and let us know if that fixes the problem?


#9

Hi, thank you for your reply. I just installed Kee 3.0 kee-3.0.1beta-an+fx.xpi on my Firefox 55.0.2 which is the latest release on my Windows and the problem was reproduced.
I’ve found out that the site uses the following code:

// excerpt from https://iya.app/data/cache/logging.js?hF1
// in the HTML, the "login" button has onclick=lsSubmit();
function lsSubmit(op) {
  // unrelated part skipped
  if ($('ls_username').value == '' || $('ls_password').value == '') {
    showWindow('login', 'member.php?mod=logging&action=login' + (op ? '&cookietime=1' : ''));
  } else {
    ajaxpost('lsform', 'return_ls', 'return_ls');
  }
  return false;
}

If Kee is loaded before the login button is clicked, $('ls_username').value and $('ls_password').value would be set to the corresponding item in my KeePass database, so the program would go to the else branch, but the CAPTCHA forms are not filled yet, so the ajax login would fail.
One possible solution may be disabling auto-fill on page load on this site, then I can click the Kee button to fill the form after the login window displays, but there is no configuration on this yet.


#10

Ah OK, so it’s not that enabling Kee causes the problem. In fact, it is that any auto-fill operation on their login form will trigger this bug in their website.

Without studying their site in detail I can’t say for sure but it looks like the correct fix would be for them to change their code so that it also checks for the CAPTCHA form completion status (presumably the captcha has been added later without regard to this code sample you provided).

In any case, doesn’t disabling auto-fill for the entry in question work around the issue?

You’re correct that you can’t disable auto-fill on a per-site basis but that should only be helpful if you have a huge number of entries for a site.


#11

Disabling on the field id ls_password helps. Thank you so much for your reply anyway.
(unrelated) Hope Kee3.0 would soon be available on Chrome.


#12

If you’re happy with the solution that’s great, although it sounds as though you’ve blacklisted the entire form which would prevent you from even manually invoking Kee to fill the login form when it has been displayed. I was referring to the option in each KeePass entry that controls auto-fill behaviour for that entry (i.e. go to KeePass, Edit the entry, go to the Kee tab and change the settings there).

Glad you’re looking forward to Kee 3.0 on Chrome. I’m waiting for at least another week to give the localisation team time to translate into multiple languages (and for a few other things) so hopefully it won’t be too much longer to wait.


#13

Both ways work. I’ve even forgotten there exists a Kee tab in KeePass client.

Thank you so much for your time.