False positive TOTP field in internal SPA

[ginkel]

Hi there,

we have an internal SPA written in Typescript/Vue3/Quasar where a certain input form field is consistently detected as TOTP input field by the KeePassXC-Browser in Chromium.

The (partial) DOM hierarchy of this field looks like this:

<div class="col-6 q-pa-xs" dense="true" options-dense="true">
   <label class="q-field row no-wrap items-start q-field--filled q-input q-field--labeled q-field--dense" for="f_9c16af49-9f79-460c-bcab-8eba26ee0905">
      <!---->
      <div class="q-field__inner relative-position col self-stretch">
         <div class="q-field__control relative-position row no-wrap" tabindex="-1">
            <div class="q-field__control-container col relative-position row no-wrap q-anchor--skip">
               <input class="q-field__native q-placeholder" tabindex="0" options-dense="true" id="f_9c16af49-9f79-460c-bcab-8eba26ee0905" type="text" value="">
               <div class="q-field__label no-pointer-events absolute ellipsis">
                  Foo <!--v-if-->
               </div>
               <!---->
            </div>
         </div>
         <!---->
      </div>
      <!---->
   </label>
</div>

Any idea what may trigger this behavior? Is there a way for us to tweak the application so that the false positive no longer happens?

Thanks,
Thilo

[varjolintu]

This doesn't happen for me with the same HTML code. So for now, I have no idea. You haven't selected it with Custom Login Fields?

[droidmonkey]

Any post load injections? What is the final rendered html?