nightwatchjs/nightwatch

password visible in html output

Open

#3,935 opened on Oct 16, 2023

View on GitHub
 (6 comments) (0 reactions) (0 assignees)JavaScript (1,289 forks)batch import
enhancementhelp wanted

Repository metrics

Stars
 (11,707 stars)
PR merge metrics
 (Avg merge 124d 5h) (1 merged PR in 30d)

Description

Description of the bug/issue

When using setValue in tests, and also ´setPassword`, the field is visible in the html, json and xml reports.

I found an old issue regarding this that was closed with a reference to a Browserstack configuration. But as far as I understand, that is not applicable if you're not using Browserstack.

Here is the issue I refer to: https://github.com/nightwatchjs/nightwatch/issues/758

Our solution to this was to do a string replace in the final report. We found it simpler than creating custom reporter since we wanted all the features of the standrad html report. Maybe there is a simpler more standard way of doing this? But ideally, Nightwatch shouldn't put values in the report if setPassword is used.

Steps to reproduce

  1. Use setValue or setPassword etc in a test
  2. Run the test with the html reporter
  3. Check the report for where the password field is set, it will display something like:
setValue('<selector>,<password in cleartext>)

Sample test

this.navigate()
        .isVisible('@userNameField')
        .setValue('@userNameField', username)
        .setPassword('@passWordField', password)
        .click('@signInButton')

Command to run

nightwatch --reporter html

Verbose Output

No response

Nightwatch Configuration

No response

Nightwatch.js Version

3.2.1

Node Version

19.9.0

Browser

Chrome 117.0.5938

Operating System

MacOS Ventura

Additional Information

No response

Contributor guide