@Hacker0x01 Why `autocomplete=off` on your password input? Having the browser remember & autofill passwords seems safer than anything else.
@avlidienbrunn Yeah, but you could do the same without autofill. Just read the password input’s value on submit. @Hacker0x01
@avlidienbrunn My point is: XSS is a separate issue that is dangerous, with or without autofill. @Hacker0x01
@mathias It's more dangerous if the attacker can get plaintext credentials. It's about mitigation, just like CSP and whatnot. @Hacker0x01
@avlidienbrunn I meant: you can still get plaintext credentials with autofill disabled using your trick. @Hacker0x01
@mathias @Hacker0x01 That requires *way* more user interaction and is not the same thing. 0 or 1 click versus phishing someone...