From f32ed71dfc26a16b7b5923d7f1bc78e8cf0bd261 Mon Sep 17 00:00:00 2001 From: Jonathan White Date: Fri, 23 May 2025 09:25:25 -0400 Subject: [PATCH] Add safeguards to secure input on macOS (#11928) * Add safeguards to secure input on macOS * Fixes #11906 * Disable secure input when password widget is hidden as well as focused out * Add safeguard to ensure the internal counter that macOS keeps is always set to 1 preventing the ability to disable secure input by focus/unfocus a password field --- src/gui/PasswordWidget.cpp | 2 +- src/gui/osutils/macutils/MacUtils.cpp | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/gui/PasswordWidget.cpp b/src/gui/PasswordWidget.cpp index 03751c8b1..2568ff67b 100644 --- a/src/gui/PasswordWidget.cpp +++ b/src/gui/PasswordWidget.cpp @@ -231,7 +231,7 @@ bool PasswordWidget::eventFilter(QObject* watched, QEvent* event) if (isVisible() && (type == QEvent::KeyPress || type == QEvent::KeyRelease || type == QEvent::FocusIn)) { checkCapslockState(); } - if (type == QEvent::FocusIn || type == QEvent::FocusOut) { + if (type == QEvent::FocusIn || type == QEvent::FocusOut || type == QEvent::Hide) { osUtils->setUserInputProtection(type == QEvent::FocusIn); } } diff --git a/src/gui/osutils/macutils/MacUtils.cpp b/src/gui/osutils/macutils/MacUtils.cpp index 893ec8fcc..b943561dc 100644 --- a/src/gui/osutils/macutils/MacUtils.cpp +++ b/src/gui/osutils/macutils/MacUtils.cpp @@ -152,11 +152,22 @@ bool MacUtils::isCapslockEnabled() void MacUtils::setUserInputProtection(bool enable) { + static bool secureInputEnabled = false; if (enable) { + /* + * MacOS keeps a single counter over all apps that needs to be zero to disable secure input. By never going + * higher than 1 internally this makes sure secure input doesn't stay active after calling this function + * multiple times. + */ + if (secureInputEnabled) { + DisableSecureEventInput(); + } EnableSecureEventInput(); } else { DisableSecureEventInput(); } + // Store our last known state + secureInputEnabled = enable; } /**