github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-05-06 07:48:22 -05:00
Code Issues 1.1k Packages Projects Releases 122 Wiki Activity

[GH-ISSUE #6266] [PM-29763] Application Crash During Autofill with Illegal Special Characters in URI #15047

New Issue
Open
opened 2026-04-15 01:21:17 -05:00 by GiteaMirror · 4 comments
GiteaMirror commented 2026-04-15 01:21:17 -05:00
Owner
Copy Link

Originally created by @guillaumenibert on GitHub (Dec 14, 2025).
Original GitHub issue: https://github.com/bitwarden/android/issues/6266

Steps To Reproduce

  1. Save a Login entry with illegal special characters in the URI field: turn:198.51.100.1:5349[Password1234][] (not https://turn:198.51.100.1:5349[Password1234][]).
  2. Attempt to use the Android keyboard autofill feature on any site or application.
  3. The autofill crashes and stops working for all sites and applications.

Expected Result

The application should handle illegal characters gracefully, either by sanitising the input or by displaying an error message before saving the new Login entry, rather than crashing the autofill feature.

Actual Result

The autofill crashes and becomes unusable across all sites and applications.

flight_recorder_2025-12-10_12-03-22_anonymised.txt

Screenshots or Videos

Image

Additional Context

Since the Android Native update (2024.10.1), the autofill feature no longer works when certain illegal special characters are present in the URI field of a Login entry. Even a single Login entry with such characters causes the autofill to crash entirely.

While users should avoid including special characters at the end of a port or in the URI, mistakes or intentional inputs can happen.

Build Version

2025.11.1 (20994) - release/fdroid

What server are you connecting to?

US

Self-host Server Version

No response

Environment Details

No response

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
Originally created by @guillaumenibert on GitHub (Dec 14, 2025). Original GitHub issue: https://github.com/bitwarden/android/issues/6266 ### Steps To Reproduce 1. Save a Login entry with illegal special characters in the URI field: `turn:198.51.100.1:5349[Password1234][]` (not `https://turn:198.51.100.1:5349[Password1234][]`). 2. Attempt to use the Android keyboard autofill feature on any site or application. 3. The autofill crashes and stops working for all sites and applications. ### Expected Result The application should handle illegal characters gracefully, either by sanitising the input or by displaying an error message before saving the new Login entry, rather than crashing the autofill feature. ### Actual Result The autofill crashes and becomes unusable across all sites and applications. [flight_recorder_2025-12-10_12-03-22_anonymised.txt](https://github.com/user-attachments/files/24151059/flight_recorder_2025-12-10_12-03-22_anonymised.txt) ### Screenshots or Videos <img width="525" height="654" alt="Image" src="https://github.com/user-attachments/assets/c5499a8e-6b77-47eb-ae4d-6accb2b64da8" /> ### Additional Context Since the Android Native update (2024.10.1), the autofill feature no longer works when certain illegal special characters are present in the URI field of a Login entry. Even a single Login entry with such characters causes the autofill to crash entirely. While users should avoid including special characters at the end of a port or in the URI, mistakes or intentional inputs can happen. ### Build Version 2025.11.1 (20994) - release/fdroid ### What server are you connecting to? US ### Self-host Server Version _No response_ ### Environment Details _No response_ ### Issue Tracking Info - [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
GiteaMirror added the app:password-managerbug labels 2026-04-15 01:21:17 -05:00
GiteaMirror commented 2026-04-15 01:21:20 -05:00
Author
Owner
Copy Link

@bitwarden-bot commented on GitHub (Dec 14, 2025):

Thank you for your report! We've added this to our internal board for review.
ID: PM-29763

<!-- gh-comment-id:3651435554 --> @bitwarden-bot commented on GitHub (Dec 14, 2025): Thank you for your report! We've added this to our internal board for review. ID: [PM-29763](https://bitwarden.atlassian.net/browse/PM-29763) [PM-29763]: https://bitwarden.atlassian.net/browse/PM-29763?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
GiteaMirror commented 2026-04-15 01:21:21 -05:00
Author
Owner
Copy Link

@pamperer562580892423 commented on GitHub (Dec 14, 2025):

Another user here.

Even a single Login entry with such characters causes the autofill to crash entirely.

I can reproduce that with your example URI field entry turn:198.51.100.1:5349[Password1234][] on Android app 2025.12.0 - and I tested it with Brave (autofill integration enabled) and on Firefox.

<!-- gh-comment-id:3651481013 --> @pamperer562580892423 commented on GitHub (Dec 14, 2025): Another user here. > Even a single Login entry with such characters causes the autofill to crash entirely. I can reproduce that with your example URI field entry `turn:198.51.100.1:5349[Password1234][]` on Android app 2025.12.0 - and I tested it with Brave (autofill integration enabled) and on Firefox.
GiteaMirror commented 2026-04-15 01:21:22 -05:00
Author
Owner
Copy Link

@SergeantConfused commented on GitHub (Dec 14, 2025):

Hello @guillaumenibert,

Thank you for your report. I was able to reproduce this behaviour and have flagged it to the Engineering department.
Please feel free to post additional information, such as screenshots or a screen video recordings, if you wish.

Thank you again,

<!-- gh-comment-id:3651784947 --> @SergeantConfused commented on GitHub (Dec 14, 2025): Hello @guillaumenibert, Thank you for your report. I was able to reproduce this behaviour and have flagged it to the Engineering department. Please feel free to post additional information, such as screenshots or a screen video recordings, if you wish. Thank you again,
GiteaMirror commented 2026-04-15 01:21:23 -05:00
Author
Owner
Copy Link

@david-livefront commented on GitHub (Mar 31, 2026):

This issue should be resolved in this PR.

The changes should make their way to production in the next couple weeks.

<!-- gh-comment-id:4165680228 --> @david-livefront commented on GitHub (Mar 31, 2026): This issue should be resolved in [this PR](https://github.com/bitwarden/android/pull/6748). The changes should make their way to production in the next couple weeks.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label app:password-manager bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#15047
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?