Skip to content

Fix secure Android TextInput same-text updates#57013

Open
sorinc03 wants to merge 1 commit into
facebook:mainfrom
sorinc03:fix/android-secure-textinput-state-update
Open

Fix secure Android TextInput same-text updates#57013
sorinc03 wants to merge 1 commit into
facebook:mainfrom
sorinc03:fix/android-secure-textinput-state-update

Conversation

@sorinc03
Copy link
Copy Markdown

@sorinc03 sorinc03 commented May 31, 2026

Summary:

Fixes #53696.

Android secure TextInput has a guard that skips replacing text when JS echoes the same content, preserving Android's transient password reveal timer. During the Kotlin conversion, this guard changed from TextUtils.equals(...) to equality between the current Editable and incoming Spanned text. Those can contain the same characters without comparing equal, so state updates re-apply the text immediately and hide the latest revealed password character.

This restores content-based equality for secure text updates and adds a regression test that same-text secure updates do not replace the existing Editable.

Changelog:

[ANDROID] [FIXED] - Preserve secure TextInput password character reveal timing when JS state echoes the same text.

Test Plan:

  • ./gradlew :packages:react-native:ReactAndroid:testDebugUnitTest --tests com.facebook.react.views.textinput.ReactTextInputPropertyTest -Preact.internal.useHermesStable=true
  • ./gradlew :packages:react-native:ReactAndroid:ktfmtCheck -Preact.internal.useHermesStable=true

@meta-cla
Copy link
Copy Markdown

meta-cla Bot commented May 31, 2026

Hi @sorinc03!

Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks!

@meta-cla meta-cla Bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label May 31, 2026
@meta-cla
Copy link
Copy Markdown

meta-cla Bot commented May 31, 2026

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks!

@facebook-github-tools facebook-github-tools Bot added the Shared with Meta Applied via automation to indicate that an Issue or Pull Request has been shared with the team. label May 31, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. Shared with Meta Applied via automation to indicate that an Issue or Pull Request has been shared with the team.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Android] TextInput with secureTextEntry immediately hides symbol after state update

1 participant

@sorinc03