google-chrome-extension, passwords, google-chrome-os

Forcing Chrome to never save password on a specific site


I'm at a beginner level for Chrome Extension development, but not new to software development. I manage ChromeOS devices across an entire school district. There is a specific testing site that requires students to log in with a username and password. The password is always the same depending on a specific test. Teachers are finding that students are using saved passwords to skip to the next quiz.

We can disable password saving for all sites, enable it, or allow the user to configure it. I really do not want to disable password saving, as it is useful (especially for younger children) to not have to retype the password.

My only solution at this point is to push out an extension that manually adds the site .neversavepassword.com to the "Never Save" section of the Manage Password. However, after searching for the last 2 days I cannot seem to find any information on how I would do this (it does not seem possible).

What are my options at this point? The site already uses "autocomplete=off" but Chrome is ignoring this.

Here is the login form.

<div class="row-wrapper">
    <div class="login-row">
        <label for="tbUsername">User Name&nbsp;</label>
        <input name="ctl00$cp_Content$tbUserName" type="text" value="test" maxlength="50" id="tbUserName" tabindex="1" class="loginTB" autocomplete="off" />
    </div>
    <div class="login-row">
        <label for="tbPassword">Password&nbsp;</label>
        <span><input name="ctl00$cp_Content$tbPassword" type="password" maxlength="20" size="25" id="tbPassword" tabindex="2" class="loginTBn" /></span>
    </div>
    <div class="login-row">
        <button onclick="__doPostBack('ctl00$cp_Content$btnLogIn','')" id="btnLogIn" type="button" class="button hollow white" tabindex="3">
            <span id="ctl00_cp_Content_spLogin" class="text">Log In  </span>
            <span class="glyph glyph-chevron-next"></span>
        </button>
    </div>
</div>

I'm thinking I can modify the form via JavaScript, but so far I've not had luck.

I appreciate any suggestions with this issue. Thank you!


Solution

  • First off, Chrome's official position is more or less "ignore any attempts to circumvent that".

    Extensions cannot interact with the password manager, so that's not a way to a solution.
    Update: There is chrome.privacy.services.passwordSavingEnabled, but that doesn't allow fine-tuning by site, it's only an on/off switch.

    I've seen a page circumvent the mechanism by grabbing the credentials from the form with page code, clearing the form, and then doing a POST that's not connected with the original form. That confuses Chrome enough to think that the values were not used. Again, there's a good reason not to do this.
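
An added example, not part of the original answer: because chrome.privacy.services.passwordSavingEnabled is a global switch, a force-installed extension can approximate a per-site rule by turning it off while any tab is on the test site and back on afterwards. The domain list and function names are assumptions for illustration; the manifest is assumed to declare the "privacy" and "tabs" permissions.

```javascript
// Added example (not from the original answer). Extension background script.
// BLOCKED_DOMAINS is an assumption: the placeholder site from the question.
const BLOCKED_DOMAINS = ["neversavepassword.com"];

// True when the URL's host is a blocked domain or one of its subdomains.
function isBlockedUrl(url, domains = BLOCKED_DOMAINS) {
  let host;
  try {
    const u = new URL(url);
    if (u.protocol !== "http:" && u.protocol !== "https:") return false;
    // Drop a trailing root dot so "site.com." matches "site.com".
    host = u.hostname.toLowerCase().replace(/\.$/, "");
  } catch (e) {
    return false; // empty or malformed URL (e.g. a tab that is still loading)
  }
  // Require a label boundary so "evilneversavepassword.com" does not match.
  return domains.some((d) => host === d || host.endsWith("." + d));
}

// Saving stays enabled only while no open tab is on a blocked site.
function desiredSavingState(tabUrls, domains = BLOCKED_DOMAINS) {
  return !tabUrls.some((u) => isBlockedUrl(u, domains));
}

function applySetting() {
  chrome.tabs.query({}, (tabs) => {
    const value = desiredSavingState(tabs.map((t) => t.url || ""));
    const setting = chrome.privacy.services.passwordSavingEnabled;
    setting.get({}, (details) => {
      // If policy or another extension owns the setting, set() has no effect.
      const ours =
        details.levelOfControl === "controllable_by_this_extension" ||
        details.levelOfControl === "controlled_by_this_extension";
      if (ours && details.value !== value) setting.set({ value });
    });
  });
}

// Only wire up listeners inside an extension context.
if (typeof chrome !== "undefined" && chrome.privacy && chrome.tabs) {
  chrome.tabs.onUpdated.addListener(applySetting);
  chrome.tabs.onRemoved.addListener(applySetting);
  applySetting();
}
```

The setting controls whether Chrome offers to save passwords; credentials already saved for the site are not removed by it and have to be cleared separately.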