Archive for March, 2009

Update on the status of project

March 23, 2009

So what I have been doing for the past two weeks was to make the extension to work and clean up on the code. In my previous post, I mentioned that the difficulty that I encountered was to retrieve the information (hostname and ActionURL as indicated in Mozilla documentation for findLogins method) of the html form submitted so that I can search for the logins (nsILoginInfo object).

I was kind of stucked until I thought of the way to search for the code that actually saved the login when the form was submitted. This way, I can know how the information was stored and might be able to tell me how to retrieve the information. So, I search for the addLogins method in MXR. It pointed me to two files, nsLoginManager.js and nsLoginManagerPrompter.js. But it was quite difficult to search for which function was called when the login button was clicked. So, I tried to inspect
the notification bar (It contains the prompt “Do you want firefox to remember the password”) that pops up everytime we log in into a website.

So at the location was a button with the value “Remember”. It didn’t help much. I figured that the nsLOginManagerPrompter.js must be in charge of prompting the user, so I tried searching for the “Remember” word in the file. And it brought me to the _showSaveLoginNotification function. After going through the code, I come to the following sequence of function calls:

When a login form is Submitted -> _onFormSubmit() in nsLoginManager.js -> promptToSavePasswords() in nsLoginManagerPrompter.js -> _showSaveLoginNotification() to display the notification bar -> and finally addLogins() in nsLOginManager.js

So I noticed that in the _onFormSubmit function, it retrieves the information from the form submitted by calling the other two functions: _getPasswordOrigin to retrieve the hostname and _getActionOrigin to retrieve the formSubmitURL. I think these two should be the functions that I was looking for. So I extracted from the function, the code that I needed for my extension and it works. I also made use of the _getFormFields() function to get the value of the username field.

So, then I cleaned up the code and added some comments and it is now uploaded to Please feel free to give your comments and suggestions to me. Thanks.


Some progress and some difficulties

March 1, 2009

I have managed to hook the extra option into the ‘right click’ menu. Below is the screenshot.

I referred to the code of Ubiquity in checking which context was being clicked on. I managed to filter the case such that the option only appears when a text field is being clicked on by using document.popupNode.onTextInput. I also found an example in mozilla documentation that can check whether an image is being clicked on by using instanceof Components.interfaces.nsIImageLoadingContent.

I have been trying to search for a similar example to check for a password field, but I couldn’t find one. I checked out a few websites using DOMinspector¬† and noticed that the ‘type’ for the password field is usually “password”,¬† so I used this as one of the condition to determine whether the option should be disabled.

var passValue = document.popupNode.value;
var isHidden = ! (gContextMenu.isContentSelection() || gContextMenu.onTextInput);
var isDisabled = !(type == “password” && passValue);

One possible problem is that the option will be enabled whenever there is value in the password field, i.e it is not empty. Previously, I had wanted to enable it only when there is a password saved on this webpage. But I haven’t been able to do that. Not sure if this is a good way to do it. Please feel free to point out to me if there is a better way.

I have been looking at the passwordmanager related code in the /toolkit/component. As expected, they are not easy to understand. I managed to find a related XPCOM interface nsiLoginManager which provides methods to manage logins.¬† PasswordManager.js seems to be leveraging on this interface to remove the logins. But there are other parts of the code that I couldn’t really understand the purpose.

Instead, I tried to directly make use of the nsiLoginManager interface. It seemed to be able to delete the passwords saved. What I am trying to do is to use the findLogins() method to find the related logins saved for this webpage that is being visited, and then delete using the removeLogin() method.

I am having difficulty in using the findLogins() to retrieve the password. The arguments needed to search for the logins are ‘hostname’, ‘formSubmitURL’ and ‘httpRealm’. As I am currently only working on logins obtained from HTML form, so httpRealm can be set to null. I haven’t been able to retrieve the hostname of the webpage. Tried ‘document.URL’ and ‘window.location’ and they don’t seem to work. As for the formSubmitURL, I tried using ‘document.popupNode.form.action’ but it returns a full path of the form which is different with what is required.

Lastly, I am not very sure whether using the interface directly would introduce bugs or break other parts of the code. If anyone has any idea, please feel free to let me know.