@Hacker0x01 Why `autocomplete=off` on your password input? Having the browser remember & autofill passwords seems safer than anything else.
@mathias @Hacker0x01 You don't have to frame it to access the content. See my second example. You can use window.open().
@avlidienbrunn Browsers block popups by default. @Hacker0x01
@avlidienbrunn You could abuse this if there’s XSS on the login page, but then you can log keystrokes anyway, autofill or not. @Hacker0x01
@mathias @Hacker0x01 The XSS can be anywhere on the domain. Still one-click owned, and that's pretty shitty tbh: http://jsfiddle.net/avwUm/6/show/
@avlidienbrunn Yeah, but you could do the same without autofill. Just read the password input’s value on submit. @Hacker0x01