nightwatchjs/nightwatch

password visible in html output

Open

#3935 opened on Oct 16, 2023

View on GitHub
 (6 comments) (0 reactions) (0 assignees)JavaScript (11,707 stars) (1,289 forks)batch import
enhancementhelp wanted

Description

Description of the bug/issue

When using setValue in tests, and also ´setPassword`, the field is visible in the html, json and xml reports.

I found an old issue regarding this that was closed with a reference to a Browserstack configuration. But as far as I understand, that is not applicable if you're not using Browserstack.

Here is the issue I refer to: https://github.com/nightwatchjs/nightwatch/issues/758

Our solution to this was to do a string replace in the final report. We found it simpler than creating custom reporter since we wanted all the features of the standrad html report. Maybe there is a simpler more standard way of doing this? But ideally, Nightwatch shouldn't put values in the report if setPassword is used.

Steps to reproduce

  1. Use setValue or setPassword etc in a test
  2. Run the test with the html reporter
  3. Check the report for where the password field is set, it will display something like:
setValue('<selector>,<password in cleartext>)

Sample test

this.navigate()
        .isVisible('@userNameField')
        .setValue('@userNameField', username)
        .setPassword('@passWordField', password)
        .click('@signInButton')

Command to run

nightwatch --reporter html

Verbose Output

No response

Nightwatch Configuration

No response

Nightwatch.js Version

3.2.1

Node Version

19.9.0

Browser

Chrome 117.0.5938

Operating System

MacOS Ventura

Additional Information

No response

Contributor guide

Tech stack
javascriptnodejshtml
Domain
testing
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
needs maintainer response
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Basic understanding of Nightwatch.js
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
50
Research direction
Investigate the HTML reporter source code, likely in `lib/reporter/html.js` or similar. Look for where the step details (including `setValue` and `setPassword` arguments) are rendered. The goal is to mask password values from the output. Check existing issue #758 for prior context. Consider adding a configuration option or automatic detection of `setPassword` to redact the value.