EON Energy auto-fill broken

nickwaters
nickwaters
Community Member
edited May 2020 in 1Password in the Browser

I've noticed that the login page for E.On (a large German / British energy firm) is broken.

You can get to the page here.

https://www.eonenergy.com/login

  • Type in anything "test@gmail.com" or "test123" (it doesn't matter what) and then click "Continue".
  • On the next page type in several characters and the "Log in" button turns red (ready to be clicked).

But, if you use 1Password's auto-fill (the browser extension) it fills in the data but doesn't change the "Continue" or "Log In" buttons from grey to red.

Basically if you add an extra character at the end of the username (and press backspace to remove it) then it works. The same trick is required for the password.

Obviously this is some weird anti-fill behaviour, much like an anti-copy and paste feature.

Is there any way that 1Password could fix this in the background (or implement the fix I described above)?

Thank you

Edited to add: I'm using the 4.7.5 extension in Google Chrome; not 1Password X.

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @nickwaters!

    There might be something strange going on with that website at the moment. This is what I get when I try to access the URL you shared:

  • nickwaters
    nickwaters
    Community Member

    Thanks for trying @ag_ana

    I don't know if they're using geo-fencing restrictions but the site's working for me.

    There is a sign (as of today) indicating the site is undergoing maintenace.

    Maybe if I bump this thread on Monday you'd be so kind as to take another look. :)

  • ag_ana
    ag_ana
    1Password Alumni

    Sounds good @nickwaters :+1: :)

  • nickwaters
    nickwaters
    Community Member

    Hi @ag_ana the site's loading for me (but not auto-filling passwords).

    Could you take a look when you get a moment?

    Than you

  • ag_ana
    ag_ana
    1Password Alumni

    @nickwaters:

    I have tried visiting the website again, but I still get a 403 - Forbidden :(

  • nickwaters
    nickwaters
    Community Member

    I've just tried it myself (using various countries via a VPN) and it's working.

    I also tried a proxy site (Kproxy.com) and pasting the URL into there and it's working through that.

    I'm not sure why it's not letting you visit. :|

    https://server6.kproxy.com/servlet/redirect.srv/sruj/shqcqascev/spqr/p2/login

  • gadget78
    gadget78
    Community Member

    the problem with the eon site, is that altho it will paste/fill in the field ok...
    the fact it wasn't "typed" the site doesn't see you have filled it, and thus wont let you press button ...
    if you type in any character on end of what 1pass filled for you, then delete that character (so the login/pass is correct again),
    it sees something has been typed, the button then lights up from being grayed out ... and you can continue ...

    hope that makes sense ?

  • @gadbet78

    Thanks for the assist.

  • nickwaters
    nickwaters
    Community Member

    Hi @gadget78

    if you type in any character on end of what 1pass filled for you, then delete that character (so the login/pass is correct again),

    Thanks for the suggestion - this is what I was stating in the original post... with a view to seeing if 1Password can automate that process. ;)

    Basically if you add an extra character at the end of the username (and press backspace to remove it) then it works. The same trick is required for the password.

    It seems Ana's having some difficulties getting onto the site.

    Perhaps if somebody from AgileBits in the UK (or a different country) could take a look?

  • ag_yaron
    ag_yaron
    1Password Alumni
    edited May 2020

    I've also tried entering the website but am not getting through.
    Regardless, I know of the behavior you speak of.

    The website does not intentionally try to prevent autofilling. It is more of a design flaw than anything else. 1Password does not copy-paste or types anything into fields, it injects the input into the fields directly, so the JS of that design doesn't recognize that anything has been typed into it. I have encountered it before and the best suggestion I have is to send an email to the website's support, explaining why their login form's design negatively impacts the security of their users.

    We intentionally prefer to inject the data into the fields than to copy-paste or virtually type the information in order to prevent potential security risks such as keyloggers or other malicious programs that can record your keystrokes and/or your clipboard.
    There are no plans to address this specific issue as it is not that common, but I would give 1Password X a try if you can, it might work properly there since I do know it changes something in the field that often works where the good old companion extension doesn't.

This discussion has been closed.