@Hacker0x01 Why `autocomplete=off` on your password input? Having the browser remember & autofill passwords seems safer than anything else.
@avlidienbrunn But it does, unless you use `X-Frame-Options: SAMEORIGIN` or `ALLOW-FROM: …` which @Hacker0x01 doesn’t.
-
-
@mathias@Hacker0x01 You don't have to frame it to access the content. See my second example. You can use window.open(). -
@avlidienbrunn You could abuse this if there’s XSS on the login page, but then you can log keystrokes anyway, autofill or not.@Hacker0x01 - 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.